Back to search
CVE-2017-9795
Published: Jan 10, 2018
Modified: Sep 16, 2024
PUBLISHED
Description
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Geode | affected 1.0.0 to 1.2.1 |
References
[user] 20180109 [SECURITY] CVE-2017-9795 Apache Geode OQL method invocation vulnerability
mailing-list
x_refsource_MLIST
102488
vdb-entry
x_refsource_BID
[geode-dev] 20190702 Re: [PROPOSAL]: Improve OQL Method Invocation Security
mailing-list
x_refsource_MLIST
[geode-dev] 20190703 Re: [PROPOSAL]: Improve OQL Method Invocation Security
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now