CVE-2019-2870

Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

CVSS v3 7.0 HIGH
CVSS v2.0 3.7 LOW

7.0^/10

CVSS v3 : HIGH

Vector : AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

3.7^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 1.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:berkeley_db:12.1.6.1.23:::::::*
	cpe:2.3:a:oracle:berkeley_db:12.1.6.1.26:::::::*
	cpe:2.3:a:oracle:berkeley_db:12.1.6.1.29:::::::*
	cpe:2.3:a:oracle:berkeley_db:12.1.6.1.36:::::::*
	cpe:2.3:a:oracle:berkeley_db:12.1.6.2.23:::::::*
	cpe:2.3:a:oracle:berkeley_db:12.1.6.2.32:::::::*

History

No history.

Information

Published : 2019-07-23 23:15

Updated : 2023-12-10 12:59

NVD link : CVE-2019-2870

Mitre link : CVE-2019-2870

CVE.ORG link : CVE-2019-2870

JSON object : View

Products Affected

oracle

berkeley_db

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-2870", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2019-07-23T23:15:46.897", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Una vulnerabilidad en el componente Data Store de Berkeley DB de Oracle. Las versiones compatibles que est\u00e1n afectadas son 2.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 y 12.1.6.2.32. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado iniciar sesi\u00f3n en la infraestructura donde se ejecuta Data Store para comprometer a Data Store. Los ataques con \u00e9xito requieren la interacci\u00f3n humana de otra persona distinta al atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Data Store. CVSS 3.0 Puntuaci\u00f3n Base 7.0 (Impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.1.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96D12C0E-6500-45CB-AF96-7D7FFF7F7669"}, {"criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.1.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E78BDA1-F12C-42FD-8338-A2A4F467F337"}, {"criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.1.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2312C11-A879-4676-AEDC-880826447687"}, {"criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.1.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4408083-2153-4F0C-BA9E-F57ED028A2BE"}, {"criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.2.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67D9C81C-F3A1-4A68-BC8E-5D924CBA75FE"}, {"criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.2.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAAD49ED-7A64-4BAC-983B-DD9A8CAE20C1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}