nvd-json-data-feeds/CVE-2019/CVE-2019-28xx/CVE-2019-2868.json

{
  "id": "CVE-2019-2868",
  "sourceIdentifier": "secalert_us@oracle.com",
  "published": "2019-07-23T23:15:46.787",
  "lastModified": "2020-08-24T17:37:01.140",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el componente Data Store de Oracle Berkeley DB. Las versiones compatibles que se ven afectadas son 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 y 12.1.6.2.32. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado iniciar sesi\u00f3n en la infraestructura donde se ejecuta Data Store para comprometer a Data Store. Los ataques con \u00e9xito requieren la interacci\u00f3n humana de otra persona distinta al atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Data Store. CVSS 3.0 Puntuaci\u00f3n Base 7.0 (Impactos de confidencialidad e integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "accessVector": "LOCAL",
          "accessComplexity": "HIGH",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D12C0E-6500-45CB-AF96-7D7FFF7F7669"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.1.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E78BDA1-F12C-42FD-8338-A2A4F467F337"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.1.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2312C11-A879-4676-AEDC-880826447687"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.1.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4408083-2153-4F0C-BA9E-F57ED028A2BE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "67D9C81C-F3A1-4A68-BC8E-5D924CBA75FE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:oracle:berkeley_db:12.1.6.2.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAAD49ED-7A64-4BAC-983B-DD9A8CAE20C1"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}