CVE-2017-9797
medium
CVSS v3
6.5
CVSS v2
5.8
VIR risk
6.5
Description
Apache Geode vulnerable to Exposure of Sensitive Information
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.geode:geode-core | >=1.0.0,<1.2.1 | 1.2.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | geode | {"endIncluding":"1.2.0"} | |
References
- http://mail-archives.apache.org/mod_mbox/geode-user/201709.mbox/%3cCAEwge-Hrbb7JS8Nygrh7geyFvW4bMZ3AdCmPOzMfvbniipz0bA%40mail.gmail.com%3e
- https://nvd.nist.gov/vuln/detail/CVE-2017-9797
- https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-SecurityVulnerabilities
- https://issues.apache.org/jira/browse/GEODE-3249
- http://mail-archives.apache.org/mod_mbox/geode-user/201709.mbox/%3cCAEwge-Hrbb7JS8Nygrh7geyFvW4bMZ3AdCmPOzMfvbniipz0bA@mail.gmail.com%3e
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.