CVE-2017-15694: Pivotal GemFire and Cloud Cache consume vulnerable versions of Apache Geode


Severity

Medium

Vendor

Pivotal Cloud Foundry

Description

Pivotal Cloud Cache versions prior to 1.8.1 and Pivotal GemFire versions prior to 9.8.3 consume vulnerable versions of Apache Geode. When the vulnerable Apache Geode server is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster.

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal Cloud Cache 1.8 versions prior to 1.8.1
  • Pivotal GemFire 9.8 versions prior to 9.8.3

Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Cloud Cache: 1.8.1
    • Pivotal GemFire: 9.8.3

History

2019-08-15: Initial vulnerability report published