cvedb.io
CVE-2017-15692
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-02-27T15:29:00.207 · Last modified 2026-06-17T01:08:06.373

Summary

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.

Affected products

apache — geode

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.