March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Update – Russian Streaming Platform Start Discloses A Data Breach Affecting 7.5M Users
August 31, 2022
Rewterz Threat Advisory – CVE-2022-21165 – Node.js font-converter module Vulnerability
August 31, 2022
Rewterz Threat Update – Russian Streaming Platform Start Discloses A Data Breach Affecting 7.5M Users
August 31, 2022
Rewterz Threat Advisory – CVE-2022-21165 – Node.js font-converter module Vulnerability
August 31, 2022
Severity
High
Analysis Summary
CVE-2022-37023 CVSS:9.8
Apache Geode could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using REST API on Java 8 or Java 11. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-37022 CVSS:9.8
Apache Geode could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using JMX over RMI on Java 11. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-37021 CVSS:9.8
Apache Geode could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using JMX over RMI on Java 8. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
Indicators Of Compromise
CVE
- CVE-2022-37023
- CVE-2022-37022
- CVE-2022-37021
Affected Vendors
Apache
Affected Products
- Apache Geode 1.14.4
- Apache Geode 1.12.2
- Apache Geode 1.13.2
Remediation
Upgrade to the latest version of Apache Geode, available from the Apache Website.