CVE-2017-5649

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:geode:*:*:*:*:*:*:*:*

Information

Published : 2017-04-04 11:59

Updated : 2017-04-11 09:51


NVD link : CVE-2017-5649

Mitre link : CVE-2017-5649


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

apache

  • geode