CVE-2017-15694: Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode
Pivotal Cloud Foundry
Pivotal Cloud Cache versions prior to 1.8.1 and Pivotal GemFire versions prior to 9.8.3 consume vulnerable versions of Apache Geode. When the vulnerable Apache Geode server is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- Pivotal Cloud Cache 1.8 versions prior to 1.8.1
- Pivotal GemFire 9.8 versions prior to 9.8.3
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
- Pivotal Cloud Cache: 1.8.1
- Pivotal GemFire: 9.8.3
2019-08-15: Initial vulnerability report published