Lucene search
GoogleOSV:CVE-2017-9795HistoryJan 10, 2018 - 3:29 a.m.
CVE-2017-9795
2018-01-1003:29:00
Google
osv.dev
5
EPSS
0.029
Percentile
90.9%
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution.
References
www.securityfocus.com/bid/102488
lists.apache.org/thread.html/0fc5ea3c1ea06fe7058a0ab56d593914b05f728a6c93c5a6755956c7%40%3Cuser.geode.apache.org%3E
lists.apache.org/thread.html/232d75150991820d2fe6ba6bd4265fb58b4fe4d9d8d62eb2fd97256c%40%3Cdev.geode.apache.org%3E
lists.apache.org/thread.html/3a48163ca1fff757aefa4d9df24a251bb11ddd599a78cd85585abd00%40%3Cdev.geode.apache.org%3E
Related
prion
prion
Remote code execution
2018-01-10 03:29:00
veracode
veracode
Unauthorized Read And Write Access
2018-01-10 07:58:19
github
github
Apache Geode OQL method invocation vulnerability
2022-05-14 00:57:16
cvelist
cvelist
CVE-2017-9795
2018-01-10 03:00:00
nvd
nvd
CVE-2017-9795
2018-01-10 03:29:00
osv
osv
Apache Geode OQL method invocation vulnerability
2022-05-14 00:57:16
cve
cve
CVE-2017-9795
2018-01-10 03:29:00