CVE-2019-2760 - OpenCVE

Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	Berkeley Db

Configuration 1 [-]

OR	cpe:2.3:a:oracle:berkeley_db:12.1.6.1.23:::::::*
	cpe:2.3:a:oracle:berkeley_db:12.1.6.1.26:::::::*
	cpe:2.3:a:oracle:berkeley_db:12.1.6.1.29:::::::*
	cpe:2.3:a:oracle:berkeley_db:12.1.6.1.36:::::::*
	cpe:2.3:a:oracle:berkeley_db:12.1.6.2.23:::::::*
	cpe:2.3:a:oracle:berkeley_db:12.1.6.2.32:::::::*

No data.

References

Link	Providers
http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2019-07-23T22:31:44

Updated: 2024-08-04T18:56:45.580Z

Reserved: 2018-12-14T00:00:00

Link: CVE-2019-2760

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-07-23T23:15:39.773

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-2760

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Oracle Berkeley DB", "vendor": "Oracle Corporation", "versions": [{"status": "affected", "version": "12.1.6.1.23"}, {"status": "affected", "version": "12.1.6.1.26"}, {"status": "affected", "version": "12.1.6.1.29"}, {"status": "affected", "version": "12.1.6.1.36"}, {"status": "affected", "version": "12.1.6.2.23"}, {"status": "affected", "version": "12.1.6.2.32"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."}], "problemTypes": [{"descriptions": [{"description": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-23T22:31:44", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2019-2760", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Oracle Berkeley DB", "version": {"version_data": [{"version_affected": "=", "version_value": "12.1.6.1.23"}, {"version_affected": "=", "version_value": "12.1.6.1.26"}, {"version_affected": "=", "version_value": "12.1.6.1.29"}, {"version_affected": "=", "version_value": "12.1.6.1.36"}, {"version_affected": "=", "version_value": "12.1.6.2.23"}, {"version_affected": "=", "version_value": "12.1.6.2.32"}]}}]}, "vendor_name": "Oracle Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store."}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:56:45.580Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2019-2760", "datePublished": "2019-07-23T22:31:44", "dateReserved": "2018-12-14T00:00:00", "dateUpdated": "2024-08-04T18:56:45.580Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "96D12C0E-6500-45CB-AF96-7D7FFF7F7669", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.1.26:*:*:*:*:*:*:*", "matchCriteriaId": "7E78BDA1-F12C-42FD-8338-A2A4F467F337", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.1.29:*:*:*:*:*:*:*", "matchCriteriaId": "C2312C11-A879-4676-AEDC-880826447687", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.1.36:*:*:*:*:*:*:*", "matchCriteriaId": "B4408083-2153-4F0C-BA9E-F57ED028A2BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "67D9C81C-F3A1-4A68-BC8E-5D924CBA75FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.2.32:*:*:*:*:*:*:*", "matchCriteriaId": "AAAD49ED-7A64-4BAC-983B-DD9A8CAE20C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Una vulnerabilidad en el componente Data Store de Berkeley DB de Oracle. Las versiones compatibles que est\u00e1n afectadas son 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 y 12.1.6.2.32. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado iniciar sesi\u00f3n en la infraestructura donde se ejecuta Data Store para comprometer a Data Store. Los ataques con \u00e9xito requieren la interacci\u00f3n humana de otra persona distinta al atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Data Store. CVSS 3.0 Puntuaci\u00f3n Base 7.0 (Impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS: 3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."}], "id": "CVE-2019-2760", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-23T23:15:39.773", "references": [{"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}