CVE-2017-15696

Name of the Vulnerable Software and Affected Versions: Apache Geode versions prior to 1.4.0

Description: The issue arises when an Apache Geode cluster operates in secure mode, and the Geode configuration service fails to properly authorize configuration requests. This allows an unprivileged user with access to the Geode locator to extract configuration data and previously deployed application code.

Recommendations: For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Geode locator to minimize the risk of exploitation.