6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.971 High
EPSS
Percentile
99.8%
The GaussDB has a command injection vulnerability. Due to the lack of input validation on some parameters, an attacker with low privilege may inject some specific command to modify database files, causing database service abnormal. (Vulnerability ID: HWPSIRT-2017-05043)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2013-1899.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-02-gaussdb-en
CPE | Name | Operator | Version |
---|---|---|---|
fusionsphere openstack | lt | V100R005C00SPC100 |