WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-15692 Vulnerability in maven package org.apache.geode:geode-core

Description

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.

Remediation

References

http://www.securityfocus.com/bid/103205

https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E

Related Vulnerabilities

CVE-2022-25940 Vulnerability in npm package lite-server

CVE-2014-7808 Vulnerability in maven package org.apache.wicket:wicket-util

CVE-2019-1003049 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2016-10707 Vulnerability in maven package org.webjars.bower:jquery

CVE-2023-33202 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on

Severity

Critical

Classification

CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory VDB Entry