Latest Apache Geode Vulnerabilities

Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries.
Apache Geode<=1.15.0

Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks...
Apache Geode<=1.12.2
Apache Geode>=1.13.0<=1.13.2

Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks i...
Apache Geode<1.15.0

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect again...
Apache Geode<=1.12.5
Apache Geode>=1.13.0<=1.13.4
Apache Geode=1.14.0

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwo...
Apache Geode<=1.12.4
Apache Geode>=1.13.0<=1.13.4

When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could...
maven/org.apache.geode:geode-core<1.10.0
Apache Geode=1.9.0

Apache Tomcat Improper Privilege Management Vulnerability
redhat/tomcat6<0:6.0.24-114.el6_10
redhat/tomcat<0:7.0.76-11.el7_7
redhat/tomcat<0:7.0.76-10.el7_6
redhat/jbossweb<0:7.5.30-2.Final_redhat_2.1.ep6.el5
redhat/glassfish-jsf12-eap6<0:1.2.15-11.b01_SP2_redhat_2.1.ep6.el5
redhat/hornetq<0:2.3.25-29.SP31_redhat_00001.1.ep6.el5
and 265 more

An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
debian/docker.io
Docker Docker<1.5.0
Apache Geode=1.12.0

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5, and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 ...
FasterXML jackson-databind>=2.0.0<2.6.7.3
FasterXML jackson-databind>=2.7.0<2.8.11.5
FasterXML jackson-databind>=2.9.0<2.9.10
Redhat Decision Manager=7.0
Redhat Jboss Data Grid
Redhat Jboss Data Grid=7.0.0
and 86 more

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could mo...
Apache Geode>=1.0.0<=1.8.0

When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allo...
Apache Geode>=1.0.0<=1.4.0
maven/org.apache.geode:geode-core>=1.0.0<1.5.0

© 2024 SecAlerts Pty Ltd.