Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-15692 Vulnerability in maven package org.apache.geode:geode-core

Description

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.

Remediation

References

http://www.securityfocus.com/bid/103205

https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E

Related Vulnerabilities

CVE-2021-23555 Vulnerability in npm package vm2

CVE-2018-11770 Vulnerability in maven package org.apache.spark:spark-core

CVE-2019-25103 Vulnerability in npm package simple-markdown

CVE-2020-13110 Vulnerability in npm package kerberos

CVE-2022-36910 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search

Severity

Critical

Classification

CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory VDB Entry