{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T14:05:37.573","vulnerabilities":[{"cve":{"id":"CVE-2022-37023","sourceIdentifier":"security@apache.org","published":"2022-08-31T07:15:07.420","lastModified":"2026-06-17T04:54:29.317","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details on enabling \"validate-serializable-objects=true\" and specifying any user classes that may be serialized/deserialized with \"serializable-object-filter\". Enabling \"validate-serializable-objects\" may impact performance."},{"lang":"es","value":"Apache Geode versiones anteriores a 1.15.0, son vulnerables a un fallo de deserialización de datos no confiables cuando es usada la API REST en Java versión 8 o Java versión 11. Cualquier usuario que desee protegerse contra los ataques de deserialización que implican las APIs REST debe actualizar a Apache Geode versión 1.15 y seguir la documentación para detalles sobre la habilitación de \"validate-serializable-objects=true\" y especificar cualquier clase de usuario que pueda ser serializada/deserializada con \"serializable-object-filter\". \nActivar \"validate-serializable-objects\" puede afectar al rendimiento"}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Geode","platforms":["Java 8 or 11"],"versions":[{"version":"Apache Geode","lessThan":"1.15.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:geode:*:*:*:*:*:*:*:*","versionEndExcluding":"1.15.0","matchCriteriaId":"4C0E002C-C0BB-4B86-AF4B-28E90BBF667A"}]}]}],"references":[{"url":"https://lists.apache.org/thread/6js89pbqrp52zlpwgry5fsdn76gxbbfj","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread/6js89pbqrp52zlpwgry5fsdn76gxbbfj","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}