Back to search
CVE-2017-5649
Published: Apr 4, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Geode | affected 1.1.0 |
References
97378
vdb-entry
x_refsource_BID
[geode-user] 20170404 [CVE-2017-5649] Apache Geode information disclosure vulnerability
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now