What is CVE-2017-15696?

CVE-2017-15696 is a high-severity vulnerability in Apache Geode, classified under Information Disclosure. CVSS score: 7.5/10. Published 2018-02-26.

How severe is CVE-2017-15696?

High severity. CVSS v3 base score is 7.5 out of 10.

Information disclosure in Apache Geode

CVE-2017-15696

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract c…

Vulnerability class: Information Disclosure

EPSS: 0.020 (78.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Apache Geode
Apache Software Foundation Geode — versions Apache Geode 1.0.0 to 1.3.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

security@apache.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2017-15696?: CVE-2017-15696 is a high-severity vulnerability in Apache Geode, classified under Information Disclosure. CVSS score: 7.5/10. Published 2018-02-26.
How severe is CVE-2017-15696?: High severity. CVSS v3 base score is 7.5 out of 10.