Sign-up

ID

VAR-201912-0057


CVE

CVE-2019-5278


TITLE

CampusInsight Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2019-013325

DESCRIPTION

There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash. CampusInsight Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The following products and versions are affected: CampusInsight V100R019C00

Trust: 1.71

sources: NVD: CVE-2019-5278 // JVNDB: JVNDB-2019-013325 // VULHUB: VHN-156713

AFFECTED PRODUCTS

vendor:huaweimodel:campusinsightscope:eqversion:v100r019c00

Trust: 1.6

vendor:huaweimodel:campusinsightscope:ltversion:v100r019c00spc200

Trust: 0.8

sources: JVNDB: JVNDB-2019-013325 // CNNVD: CNNVD-201912-201 // NVD: CVE-2019-5278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-5278
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-5278
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201912-201
value: MEDIUM

Trust: 0.6

VULHUB: VHN-156713
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-5278
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-156713
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-5278
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-5278
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-156713 // JVNDB: JVNDB-2019-013325 // CNNVD: CNNVD-201912-201 // NVD: CVE-2019-5278

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-156713 // JVNDB: JVNDB-2019-013325 // NVD: CVE-2019-5278

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-201

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-201

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013325

PATCH
title:huawei-sa-20191204-01-gauss100url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-gauss100-en
Trust: 0.8
title:Huawei Gauss100 OLTP Database buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105252
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-013325 // 
            
            
            
            CNNVD: CNNVD-201912-201

EXTERNAL IDS
db:NVDid:CVE-2019-5278
Trust: 2.5
db:JVNDBid:JVNDB-2019-013325
Trust: 0.8
db:CNNVDid:CNNVD-201912-201
Trust: 0.7
db:VULHUBid:VHN-156713
Trust: 0.1
sources:
            
            
            VULHUB: VHN-156713 // 
            
            
            
            JVNDB: JVNDB-2019-013325 // 
            
            
            
            CNNVD: CNNVD-201912-201 // 
            
            
            
            NVD: CVE-2019-5278

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-gauss100-en
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-5278
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5278
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191204-01-gauss100-cn
Trust: 0.6
sources:
            
            
            VULHUB: VHN-156713 // 
            
            
            
            JVNDB: JVNDB-2019-013325 // 
            
            
            
            CNNVD: CNNVD-201912-201 // 
            
            
            
            NVD: CVE-2019-5278

CREDITS
Huawei
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201912-201

SOURCES
db:VULHUBid:VHN-156713
db:JVNDBid:JVNDB-2019-013325
db:CNNVDid:CNNVD-201912-201
db:NVDid:CVE-2019-5278

LAST UPDATE DATE
2024-11-23T22:16:46.111000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-156713date:2019-12-19T00:00:00
db:JVNDBid:JVNDB-2019-013325date:2019-12-25T00:00:00
db:CNNVDid:CNNVD-201912-201date:2019-12-27T00:00:00
db:NVDid:CVE-2019-5278date:2024-11-21T04:44:39.543

SOURCES RELEASE DATE
db:VULHUBid:VHN-156713date:2019-12-13T00:00:00
db:JVNDBid:JVNDB-2019-013325date:2019-12-25T00:00:00
db:CNNVDid:CNNVD-201912-201date:2019-12-04T00:00:00
db:NVDid:CVE-2019-5278date:2019-12-13T22:15:11.747