Main Vulnerability Database Vulnerabilities #VU59173

#VU59173 Improper neutralization of special elements in output used by a downstream component in Apache Geode - CVE-2021-34797

Published: January 4, 2022

Vulnerability identifier: #VU59173

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-34797

CWE-ID: CWE-74

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apache Geode

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote user to alter log files.

The vulnerability exists due to improper input validation when parsing values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". A remote user can inject specially crafted characters into log files and alter them, hiding initial information.

Remediation

Install updates from vendor's website.

External links

http://seclists.org/oss-sec/2022/q1/0

#VU59173 Improper neutralization of special elements in output used by a downstream component in Apache Geode - CVE-2021-34797

Description

Remediation

External links

Please verify you're human