PT-2017-19191 · Apache · Apache Geode

Published

2017-09-29

Updated

2022-05-17

CVE-2017-9794

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache Geode versions prior to 1.2.1

Description The issue allows a user with read privileges for specific data regions to potentially view unauthorized data when executing queries using the gfsh command line utility in secure mode. This can occur when query results contain data from another user's concurrently executing gfsh query.

Recommendations For Apache Geode versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-9794

GHSA-37M3-QP37-X3C6

Affected Products

Apache Geode

PT-2017-19191 · Apache · Apache Geode

CVE-2017-9794

Weakness Enumeration

Related Identifiers

Affected Products

References · 6