CVE-2017-15696

EPSS 0.61%
Published 26.02.2018 02:29:00
Last modified 21.11.2024 03:15:01
Source security@apache.org
Teams watchlist Login
Open Login

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Geode Version >= 1.0.0 <= 1.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.61%	0.688

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://lists.apache.org/thread.html/28989e6ed0d3c29e46a489ae508302a50407a40691d5dc968f78cd3f%40%3Cdev.geode.apache.org%3E

https://nvd.nist.gov/vuln/detail/CVE-2017-15696

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-15696

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-15696

EUVD