← back
CVE-2017-7686

CVE-2017-7686

EPSS 3.0%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 3.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Jun 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.
Affected products
Apache Software Foundation · Apache Ignite

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2017-7686-Apache-Ignite-Information-Disclosure-td19168.htmlhttp://www.securityfocus.com/bid/99292