Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveHuaweiCVE-2019-5278
HistoryDec 13, 2019 - 10:15 p.m.

CVE-2019-5278

2019-12-1322:15:11
CWE-125
huawei
web.nvd.nist.gov
100
cve-2019-5278
gauss100 oltp database
out-of-bounds read vulnerability
advanced packages feature
campusinsight
nvd
sql injection
database security

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

35.0%

JSON

There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash.

Affected configurations

Nvd
Vulners
Node
huaweicampusinsightMatchv100r019c00
VendorProductVersionCPE
huaweicampusinsightv100r019c00cpe:2.3:a:huawei:campusinsight:v100r019c00:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "CampusInsight",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "V100R019C00"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
openvas 1
huawei 1
prion 1
cvelist
cvelist
CVE-2019-5278
2019-12-13 21:39:39
nvd
nvd
CVE-2019-5278
2019-12-13 22:15:11
openvas
openvas
Huawei GaussDB 100 OLTP: Cross-Border Access Vulnerability (huawei-sa-20191204-01-gauss100)
2020-01-14 00:00:00
huawei
huawei
Security Advisory - Out-of-bounds Read Vulnerability in Advanced Packages of Gauss100 OLTP Database
2019-12-04 00:00:00
prion
prion
Cross site scripting
2019-12-13 22:15:00

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

35.0%

JSON
Related for CVE-2019-5278
cvelist1nvd1openvas1huawei1prion1