WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-15692 Vulnerability in maven package org.apache.geode:geode-core

Description

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.

Remediation

References

http://www.securityfocus.com/bid/103205

https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E

Related Vulnerabilities

CVE-2021-26291 Vulnerability in maven package org.apache.maven:apache-maven

CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-spring

CVE-2017-7684 Vulnerability in maven package org.apache.openmeetings:openmeetings-server

CVE-2018-19057 Vulnerability in maven package org.webjars.npm:simplemde

CVE-2017-7686 Vulnerability in maven package org.apache.ignite:ignite-core

Severity

Critical

Classification

CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory VDB Entry