Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-15696 Vulnerability in maven package org.apache.geode:geode-core

Description

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.

Remediation

References

https://lists.apache.org/thread.html/28989e6ed0d3c29e46a489ae508302a50407a40691d5dc968f78cd3f%40%3Cdev.geode.apache.org%3E

Related Vulnerabilities

CVE-2016-0706 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2022-24725 Vulnerability in npm package shescape

CVE-2021-36151 Vulnerability in maven package org.apache.gobblin:gobblin-core

CVE-2023-50719 Vulnerability in maven package org.xwiki.platform:xwiki-platform-mail-general

CVE-2022-24762 Vulnerability in npm package sysend

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N