Data Store Vulnerability in Oracle Berkeley DB from Oracle
CVE-2019-2869

7HIGH

Key Information:

Vendor: Oracle
Status: Oracle Berkeley Db
Vendor: CVE Published:; 23 July 2019

Summary

A vulnerability exists in the Data Store component of Oracle Berkeley DB, allowing an unauthenticated attacker with access to the execution environment to compromise the Data Store. Successful exploitation of this vulnerability necessitates human interaction from a user other than the attacker, which means that while the mechanism to exploit it is complex, it can ultimately lead to control over the Data Store. Affected versions include several within the 12.1.6.x range, highlighting the need for prompt security measures to safeguard data integrity, confidentiality, and availability.

Affected Version(s)

Oracle Berkeley DB 12.1.6.1.23

Oracle Berkeley DB 12.1.6.1.26

Oracle Berkeley DB 12.1.6.1.29

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018