Apache Geode Data Browser Page Access Control Bypass Vulnerability

Apache Geode Data Browser Page Access Control Bypass Vulnerability

CVE-2017-5649 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an OQL query that exposes data stored in the cluster.

Learn more about our User Device Pen Test.