Vulnerability CVE-2019-5278
Published: 2019-12-13

Description:
There is an out-of-bounds read vulnerability in the Advanced Packages feature of the Gauss100 OLTP database in CampusInsight before V100R019C00SPC200. Attackers who gain the specific permission can use this vulnerability by sending elaborate SQL statements to the database. Successful exploit of this vulnerability may cause the database to crash.

Type:

CWE-125

 (Out-of-bounds Read)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Huawei -> Campusinsight 

 References:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-gauss100-en
Copyright 2024, cxsecurity.com

 

Back to Top