Security Vulnerability in Oracle Berkeley DB Data Store Component
CVE-2019-2871

7HIGH

Key Information:

Vendor: Oracle
Status: Oracle Berkeley Db
Vendor: CVE Published:; 23 July 2019

Summary

A vulnerability exists within the Data Store component of Oracle Berkeley DB that may allow an unauthenticated attacker to exploit the system if they have access to the logon infrastructure where Data Store operates. While the attack requires human interaction by someone other than the attacker, it can ultimately lead to the compromise of Data Store functionality. Affected versions include multiple releases, each presenting various risks to data confidentiality, integrity, and availability.

Affected Version(s)

Oracle Berkeley DB 12.1.6.1.23

Oracle Berkeley DB 12.1.6.1.26

Oracle Berkeley DB 12.1.6.1.29

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018