7.5

CVE-2017-7686

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheIgnite Version1.0.0
ApacheIgnite Version1.0.0 Updaterc3
ApacheIgnite Version1.1.0
ApacheIgnite Version1.2.0
ApacheIgnite Version1.3.0
ApacheIgnite Version1.4.0
ApacheIgnite Version1.5.0 Updateb1
ApacheIgnite Version1.5.0 Updatefinal
ApacheIgnite Version1.6.0
ApacheIgnite Version1.7.0
ApacheIgnite Version1.8.0
ApacheIgnite Version1.9.0
ApacheIgnite Version2.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.17% 0.767
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/99292
Third Party Advisory
VDB Entry