CVE-2020-1963

CWE-862Missing AuthorizationCWE-863Incorrect Authorization6 documents6 sources
Severity
9.1CRITICAL
EPSS
4.7%
top 10.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Ignite
Timeline
PublishedJun 3
Latest updateJun 15

Description

Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

NVDapache/ignite2.8.0
CVEListV5apache_igniteAll versions of Apache Ignite up to 2.8

🔴Vulnerability Details

3
GHSA
File system access via H2 in Apache Ignite2020-06-05
OSV
File system access via H2 in Apache Ignite2020-06-05
CVEList
CVE-2020-1963: Apache Ignite uses H2 database to build SQL distributed execution engine2020-06-03

📋Vendor Advisories

1
Red Hat
ignite: access to file system through predefined H2 SQL functions2020-06-06

💬Community

1
Bugzilla
CVE-2020-1963 ignite: access to file system through predefined H2 SQL functions2020-06-15
CVE-2020-1963 (CRITICAL CVSS 9.1) | Apache Ignite uses H2 database to b | cvebase.io