Huawei Technologies: HUAWEI-SA-20170531-02-GAUSSDB
May 31, 2017 - 12:00 a.m.

Security Advisory - Command Injection Vulnerability in the GaussDB

2017-05-31 00:00:00
Huawei Technologies
www.huawei.com

CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.971 High
Percentile: 99.8%

GaussDB has a command injection vulnerability. Due to the lack of input validation on some parameters, a low-privileged attacker may inject specific commands to modify database files, causing the database service to behave abnormally. (Vulnerability ID: HWPSIRT-2017-05043)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2013-1899.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-02-gaussdb-en
