Sign-up

ID

VAR-201911-0266


CVE

CVE-2019-5289


TITLE

ManageOne Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2019-011935

DESCRIPTION

Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node. ManageOne Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei ManageOne is a set of cloud data center management solutions developed by China's Huawei (Huawei). The product supports unified management of heterogeneous cloud resource pools, and provides functions such as multi-level VDC matching customer organization model, service catalog planning, self-service, centralized alarm analysis, and intelligent operation and maintenance. There is a buffer error vulnerability in the Gauss100 OLTP database in Huawei ManageOne version 6.5.0

Trust: 1.71

sources: NVD: CVE-2019-5289 // JVNDB: JVNDB-2019-011935 // VULHUB: VHN-156724

AFFECTED PRODUCTS

vendor:huaweimodel:manageonescope:eqversion:6.5.0

Trust: 2.4

sources: JVNDB: JVNDB-2019-011935 // CNNVD: CNNVD-201909-1197 // NVD: CVE-2019-5289

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5289
value: HIGH

Trust: 1.0

NVD: CVE-2019-5289
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201909-1197
value: HIGH

Trust: 0.6

VULHUB: VHN-156724
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-5289
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-156724
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5289
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5289
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-156724 // JVNDB: JVNDB-2019-011935 // CNNVD: CNNVD-201909-1197 // NVD: CVE-2019-5289

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-156724 // JVNDB: JVNDB-2019-011935 // NVD: CVE-2019-5289

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1197

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201909-1197

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011935

PATCH
title:huawei-sa-20190925-01-databaseurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-database-en
Trust: 0.8
title:Huawei ManageOne Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98603
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-011935 // 
            
            
            
            CNNVD: CNNVD-201909-1197

EXTERNAL IDS
db:NVDid:CVE-2019-5289
Trust: 2.5
db:JVNDBid:JVNDB-2019-011935
Trust: 0.8
db:CNNVDid:CNNVD-201909-1197
Trust: 0.7
db:VULHUBid:VHN-156724
Trust: 0.1
sources:
            
            
            VULHUB: VHN-156724 // 
            
            
            
            JVNDB: JVNDB-2019-011935 // 
            
            
            
            CNNVD: CNNVD-201909-1197 // 
            
            
            
            NVD: CVE-2019-5289

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-database-en
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-5289
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5289
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190925-01-database-cn
Trust: 0.6
sources:
            
            
            VULHUB: VHN-156724 // 
            
            
            
            JVNDB: JVNDB-2019-011935 // 
            
            
            
            CNNVD: CNNVD-201909-1197 // 
            
            
            
            NVD: CVE-2019-5289

SOURCES
db:VULHUBid:VHN-156724
db:JVNDBid:JVNDB-2019-011935
db:CNNVDid:CNNVD-201909-1197
db:NVDid:CVE-2019-5289

LAST UPDATE DATE
2024-11-23T22:25:45.004000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-156724date:2019-11-15T00:00:00
db:JVNDBid:JVNDB-2019-011935date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201909-1197date:2019-11-18T00:00:00
db:NVDid:CVE-2019-5289date:2024-11-21T04:44:40.787

SOURCES RELEASE DATE
db:VULHUBid:VHN-156724date:2019-11-13T00:00:00
db:JVNDBid:JVNDB-2019-011935date:2019-11-21T00:00:00
db:CNNVDid:CNNVD-201909-1197date:2019-09-25T00:00:00
db:NVDid:CVE-2019-5289date:2019-11-13T17:15:14.007