This page lists publicly disclosed CVE vulnerabilities affecting apache geode (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-9797 | When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster. | [email protected] | 6.5 | 1.36% | 2017-10-03 | 2026-05-13 |
| CVE-2017-9794 | When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view. | [email protected] | 4.3 | 1.18% | 2017-09-30 | 2026-05-13 |
| CVE-2017-5649 | Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster. | [email protected] | 7.5 | 2.78% | 2017-04-04 | 2026-05-13 |