CVE-2017-9795

Name of the Vulnerable Software and Affected Versions Apache Geode versions prior to 1.3.0

Description The issue allows a user with read access to specific regions within a Geode cluster to execute OQL queries, enabling read and write access to objects within unauthorized regions. Furthermore, a user could invoke methods that allow remote code execution.

Recommendations For Apache Geode versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive regions and limiting the execution of OQL queries to authorized users. Restrict access to methods that could allow remote code execution to minimize the risk of exploitation.