CVE-2020-1963

 

Published at: - 03-06-2020 03:15

Last modified: - 04-04-2022 03:31

Total changes: - 4

Description

Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

 

Verification logic

 

Reference

• https://lists.apache.org/thread.html/r1933faf8a26c431f38a5f8dbbfab80254454e54e33a79be474b67dc4%40%3Cdev.ignite.apache.org%3E
• [oss-security] 20200603 [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability-Mailing List, Third Party Advisory
• [ignite-user] 20200603 RE: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability-Mailing List, Vendor Advisory
• [ignite-dev] 20200603 RE: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability-Mailing List, Vendor Advisory
• [ignite-dev] 20200605 Re: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability-Mailing List, Vendor Advisory
• [ignite-dev] 20200608 Re: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability-Mailing List, Vendor Advisory
• [ignite-user] 20200609 Re: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability-Mailing List, Vendor Advisory
• [ignite-user] 20200615 Re: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability-Mailing List, Vendor Advisory
• [ignite-dev] 20200615 Re: [CVE-2020-1963] Apache Ignite access to file system disclosure vulnerability-Mailing List, Vendor Advisory
• https://www.oracle.com/security-alerts/cpujan2022.html

 

Keywords

NVD

 

CVE-2020-1963

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures