CVE-2017-15692
Apache Geode unsafe deserialization in TcpServer
9.8
CRITICAL
CVSS 3.1
EPSS 4.7%
Description
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.
How to fix CVE-2017-15692
To remediate CVE-2017-15692, upgrade the affected package to a fixed version below.
- —upgrade to 1.4.0 or later
Is CVE-2017-15692 being exploited?
Low — EPSS is 4.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.0.0, < 1.4.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |