PT-2018-5436 · Apache · Apache Geode

Published

2018-01-10

Updated

2022-05-14

CVE-2017-12622

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Apache Geode versions prior to 1.3.0

Description: The issue allows an authenticated user to obtain status information and control cluster members without the necessary CLUSTER:MANAGE privileges when connecting to an Apache Geode cluster in secure mode using the gfsh tool with HTTP.

Recommendations: For Apache Geode versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-12622

GHSA-H22R-H77W-2G5F

Affected Products

Apache Geode

PT-2018-5436 · Apache · Apache Geode

CVE-2017-12622

Weakness Enumeration

Related Identifiers

Affected Products

References · 6