cvedb.io
CVE-2017-5649
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2017-04-04T18:59:00.233 · Last modified 2026-06-17T01:20:57.490

Summary

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.

Affected products

apache — geode

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.