CVE-2016-6805

CWE-611XML External Entity (XXE)4 documents4 sources
Severity
5.9MEDIUM
EPSS
0.9%
top 23.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Ignite
Timeline
PublishedApr 7
Latest updateOct 16

Description

Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDapache/ignite1.8

🔴Vulnerability Details

3
GHSA
Moderate severity vulnerability that affects org.apache.ignite:ignite-core2018-10-16
OSV
Moderate severity vulnerability that affects org.apache.ignite:ignite-core2018-10-16
CVEList
CVE-2016-6805: Apache Ignite before 12017-04-07
CVE-2016-6805 (MEDIUM CVSS 5.9) | Apache Ignite before 1.9 allows man | cvebase.io