Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.
Conclusion & alert: CVE-2017-5649 is rated Moderate Risk (62.3/100): CVSS High severity, with medium exploitation likelihood (EPSS 2.78%).Core evidence: EPSS rose +2.71% over the last day, indicating growing attacker interest.Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2017-5649
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).