Vulnerabilities > CVE-2016-6805 - XXE vulnerability in Apache Ignite

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

NVD

Published: 2017-04-07

Updated: 2017-04-13

Summary

Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.

Part	Description	Count
Application	Apache Apache Ignite 1.0.0 Apache Ignite 1.0.1 Apache Ignite 1.0.2 Apache Ignite 1.1.0 Apache Ignite 1.1.3 Apache Ignite 1.1.4 Apache Ignite 1.2.0 Apache Ignite 1.3.0 Apache Ignite 1.3.1 Apache Ignite 1.3.2 Apache Ignite 1.3.3 Apache Ignite 1.4.0 Apache Ignite 1.4.1 Apache Ignite 1.5.0 Apache Ignite 1.6.0 Apache Ignite 1.6.4 Apache Ignite 1.7.0 Apache Ignite 1.7.10	22