CVE-2017-15693

Name of the Vulnerable Software and Affected Versions: Apache Geode versions prior to 1.4.0

Description: The issue allows a user with DATA:WRITE access to the cluster to potentially cause remote code execution if certain classes are present on the classpath. This is due to the Geode server storing application objects in serialized form and deserializing them during certain cluster operations and API invocations.

Recommendations: For Apache Geode versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the cluster to minimize the risk of exploitation, and ensure that only trusted classes are present on the classpath.