CVE-2017-15694: Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode
Severity
Medium
Vendor
Pivotal Cloud Foundry
Description
Pivotal Cloud Cache versions prior to 1.8.1 and Pivotal GemFire versions prior to 9.8.3 consume vulnerable versions of Apache Geode. When the vulnerable Apache Geode server is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- Pivotal Cloud Cache 1.8 versions prior to 1.8.1
- Pivotal GemFire 9.8 versions prior to 9.8.3
Mitigation
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
  - Pivotal Cloud Cache: 1.8.1
  - Pivotal GemFire: 9.8.3
History
2019-08-15: Initial vulnerability report published