Apache Geode Remote Code Execution Vulnerability (CVE-2017-9795)
Release date:
Updated on:
Affected Systems:
Apache Group Geode <1.3.0
Description:
Bugtraq ID: 102488
CVE (CAN) ID: CVE-2017-9795
Geode is a data management platform that provides real-time, consistent access to data-critical applications throughout the entire cloud architecture.
In versions earlier than Geode v1.3.0, when a cluster is running in secure mode, a user with read permission on a region of the cluster can execute OQL queries that access objects in unauthorized regions and call methods, which allows remote code execution.
Source: Dan Smith
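A defensive audit sketch for the issue described above, added here and not taken from the advisory or from Apache Geode: it scans recorded OQL strings for region paths outside a user's read grants and for method invocations. The "user|query" log layout, the grant table and the function names are assumptions, and the regular expressions are heuristics rather than a full OQL parser.

```python
import re

# Geode OQL region paths start with "/" (for example /orders or /orders/archive).
# The lookbehind keeps a division such as o.a/o.b from being read as a region.
REGION_RE = re.compile(r"(?<![\w/.)\]])/([A-Za-z_][\w-]*(?:/[A-Za-z_][\w-]*)*)")
# ".name(" is a method invocation; plain field access such as o.total is not.
METHOD_RE = re.compile(r"\.\s*([A-Za-z_]\w*)\s*\(")
# Single-quoted literals are blanked so their contents are never matched.
STRING_RE = re.compile(r"'(?:[^']|'')*'")


def audit_query(oql, allowed_regions):
    """Return (regions outside the grant, methods invoked) for one OQL string."""
    text = STRING_RE.sub("''", oql)
    regions = {m.group(1) for m in REGION_RE.finditer(text)}
    methods = [m.group(1) for m in METHOD_RE.finditer(text)]
    return sorted(regions - set(allowed_regions)), methods


def audit_log(lines, grants):
    """Return (line number, user, unauthorized regions, methods) per flagged line."""
    findings = []
    for number, line in enumerate(lines, 1):
        user, _, oql = line.partition("|")
        unauthorized, methods = audit_query(oql, grants.get(user, ()))
        if unauthorized or methods:
            findings.append((number, user, unauthorized, methods))
    return findings


# Constructed sample input; the "user|query" layout is a hypothetical log format.
SAMPLE_LOG = [
    "analyst|SELECT * FROM /orders o WHERE o.total > 100",
    "analyst|SELECT p.name FROM /orders o, /payroll p WHERE p.id = o.ownerId",
    "analyst|SELECT o.getOwner().getEmail() FROM /orders o",
    "analyst|SELECT * FROM /orders o WHERE o.note = 'see /payroll' AND o.a/o.b > 2",
]
GRANTS = {"analyst": {"orders"}}  # hypothetical per-user region read grants

if __name__ == "__main__":
    for finding in audit_log(SAMPLE_LOG, GRANTS):
        print(finding)
```

Flagged lines are candidates for review on clusters that have not yet been upgraded to 1.3.0; a clean result does not show that a cluster is unaffected.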
Suggestion:
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.apache.org/
https://lists.apache.org/thread.html/0fc5ea3c1ea06fe7058a0ab56d593914b05f728a6c93c5a6755956c7@%3Cuser.geode.apache.org%3E