CVE-2017-15694

Опубликовано: 21 июн. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster.

Ссылки

http://www.securityfocus.com/bid/108870
Third Party Advisory
https://lists.apache.org/thread.html/311505e7b7a045aaa246f0a1935703acacf41b954621b1363c40bf6f%40%3Cuser.geode.apache.org%3E
http://www.securityfocus.com/bid/108870
Third Party Advisory
https://lists.apache.org/thread.html/311505e7b7a045aaa246f0a1935703acacf41b954621b1363c40bf6f%40%3Cuser.geode.apache.org%3E

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:geode:*:*:*:*:*:*:*:*

Версия от 1.0.0 (включая) до 1.8.0 (включая)

EPSS

Процентиль: 76%

0.00933

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-88

Связанные уязвимости

GHSA-p426-qw2p-v95v