cvedb.io
CVE-2017-15695
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2018-06-13T17:29:00.220 · Last modified 2026-06-17T01:08:06.680

Summary

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege.

Affected products

apache — geode

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.