What is CVE-2017-7686?

CVE-2017-7686 is a high-severity vulnerability in Apache Ignite, classified under Information Disclosure. CVSS score: 7.5/10. Published 2017-06-28.

How severe is CVE-2017-7686?

High severity. CVSS v3 base score is 7.5 out of 10.

Information disclosure in Apache Ignite

CVE-2017-7686

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an exte…

Vulnerability class: Information Disclosure

EPSS: 0.012 (79.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Apache Ignite — versions 1.0.0, 1.1.0, 1.2.0
Apache Software Foundation Ignite — versions 1.0.0-RC3 to 2.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

security@apache.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security@apache.org (x_refsource_CONFIRM, Third Party Advisory, Mitigation)

Frequently asked questions

What is CVE-2017-7686?: CVE-2017-7686 is a high-severity vulnerability in Apache Ignite, classified under Information Disclosure. CVSS score: 7.5/10. Published 2017-06-28.
How severe is CVE-2017-7686?: High severity. CVSS v3 base score is 7.5 out of 10.