6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.6%
There is a privilege escalation vulnerability in the validator functions of the GaussDB. An attacker may log in to the system as a low-privilege user and execute the high-privilege functions. Then, the attacker may obtain the high-privilege of the GaussDB and crash the system. (Vulnerability ID: HWPSIRT-2017-05015)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-0061.
There is a privilege escalation vulnerability in the GaussDB. An attacker may log in to the system as a low-privilege user. When the high-privilege user executes specific operation, the attacker could modify the high-privilege user’s tables and crash the system. (Vulnerability ID: HWPSIRT-2017-05171)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-0062.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-05-gaussdb-en
CPE | Name | Operator | Version |
---|---|---|---|
fusionsphere openstack | eq | V100R005C00SPC100 |