WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-15696 Vulnerability in maven package org.apache.geode:geode-core

Description

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.

Remediation

References

https://lists.apache.org/thread.html/28989e6ed0d3c29e46a489ae508302a50407a40691d5dc968f78cd3f%40%3Cdev.geode.apache.org%3E

Related Vulnerabilities

CVE-2018-1000150 Vulnerability in maven package org.jenkins-ci.plugins:reverse-proxy-auth-plugin

CVE-2017-2606 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2018-1000176 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2018-1337 Vulnerability in maven package org.apache.directory.api:api-ldap-client-api

CVE-2018-14731 Vulnerability in npm package parcel-bundler

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N