PT-2019-17553 · Huawei · Campusinsight+1
Publicado
2019-12-13
·
Atualizado
2019-12-19
·
CVE-2019-5278
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
CampusInsight versions prior to V100R019C00SPC200
Description
The issue is related to an out-of-bounds read in the Advanced Packages feature of the Gauss100 OLTP database. Attackers with specific permissions can exploit this by sending elaborate SQL statements to the database, potentially causing it to crash.
Recommendations
For versions prior to V100R019C00SPC200, update to V100R019C00SPC200 or later to resolve the issue. As a temporary workaround, consider restricting access to the Advanced Packages feature to minimize the risk of exploitation.
Correção
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Campusinsight
Gauss100