cvedb.io
CVE-2017-15696
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2018-02-26T02:29:00.317 · Last modified 2026-06-17T01:08:06.783

Summary

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.

Affected products

apache — geode

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.