exploitDog

CVE-2020-1811

Опубликовано: 18 фев. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands.

Ссылки

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200120-01-gaussdb200-en
Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200120-01-gaussdb200-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:huawei:gaussdb_200:6.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00272

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-pmqj-x24q-7m6p

github

больше 3 лет назад

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands.

EPSS

Процентиль: 50%

0.00272

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20