Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2017-15695

Good to know:

icon
icon

Date: June 13, 2018

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege.

Language: Java

Severity Score

Related Resources (16)

https://github.com/apache/geode/commit/00be4f9774e1adf8e7ccc2664da8005fc30bb11d
https://github.com/apache/geode/commit/954ccb545d24a9c9a35cbd84023a4d7e07032de0
https://nvd.nist.gov/vuln/detail/CVE-2017-15695
http://www.securityfocus.com/bid/104465
https://github.com/apache/geode/commit/90f8f6242927c5e16da64f38bba9abf3d450a305
https://lists.apache.org/thread.html/dc8875c0b924885a884eba6d5bd7dc3f123411b2d33cffd00e351c99@%3Cuser.geode.apache.org%3E
https://github.com/apache/geode/commit/6df14c8b1e3c644f9f810149e80bba0c2f073dab
https://github.com/apache/geode/commit/aa469239860778eb46e09dd7b390aee08f152480
https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-SecurityVulnerabilities
https://github.com/apache/geode
https://github.com/apache/geode/commit/740289c61d60256c6270756bc84b9e24b76e4913
https://lists.apache.org/thread.html/dc8875c0b924885a884eba6d5bd7dc3f123411b2d33cffd00e351c99%40%3Cuser.geode.apache.org%3E
https://github.com/apache/geode/commit/49d28f93fd2ef069693ce15d124ef3a29f22fb7d
https://github.com/apache/geode/pull/1258
https://issues.apache.org/jira/browse/GEODE-3974
https://www.mend.io/vulnerability-database/CVE-2017-15695

Severity Score

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Insufficient Information

NVD-CWE-noinfo

Incorrect Authorization

CWE-863

Top Fix

icon

Upgrade Version

Upgrade to version org.apache.geode:geode-core:1.5.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us