CVE-2019-2870

Name of the Vulnerable Software and Affected Versions Oracle Berkeley DB versions 12.1.6.1.23 through 12.1.6.1.36, 12.1.6.2.23 through 12.1.6.2.32

Description The issue is related to insufficient access control in the Data Store component of Oracle Berkeley DB, allowing an attacker to potentially gain full control over the database. Exploitation of this issue is difficult and requires an unauthenticated attacker with logon access to the infrastructure where Data Store is executed. Successful attacks also require human interaction from a person other than the attacker and can result in the takeover of Data Store.

Recommendations For versions 12.1.6.1.23 through 12.1.6.1.36, consider restricting access to the Data Store component to minimize the risk of exploitation. For versions 12.1.6.2.23 through 12.1.6.2.32, consider implementing additional security measures to prevent unauthorized access to the Data Store component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.