CVE-2017-15692

moderate-risk
Published 2018-02-27

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.

Do I need to act?

~
4.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 2a70679608120042fa7cbee67f4dd21a085d9588
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Apache

References (4)

Third Party Advisory http://www.securityfocus.com/bid/103205
https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf686...
Third Party Advisory http://www.securityfocus.com/bid/103205
https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf686...
45
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 5/34 · Minimal