Apache Geode Cluster Unauthorized Read Access Vulnerability

Apache Geode Cluster Unauthorized Read Access Vulnerability

CVE-2017-9796 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions.

Learn more about our Cis Benchmark Audit For Apache Http Server.