ID

VAR-201907-1617


CVE

CVE-2019-12193


TITLE

SQL injection vulnerability in H3C H3Cloud OS

Trust: 0.8

sources: JVNDB: JVNDB-2019-007018

DESCRIPTION

All versions of H3C H3Cloud OS allow SQL injection via the ear/grid_event sidx parameter. H3C H3Cloud OS contains an SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). H3C H3Cloud OS is a full-stack cloud operating system developed by the Chinese company H3C. The system is also compatible with VMware, H3C CAS, KVM, XenServer, PowerVM and other virtualization platforms. The vulnerability stems from the lack of verification of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands.

Trust: 1.71

sources: NVD: CVE-2019-12193 // JVNDB: JVNDB-2019-007018 // VULHUB: VHN-143915

AFFECTED PRODUCTS

vendor: h3c // model: h3cloud os // scope: eq // version: *

Trust: 1.0

vendor: h3c // model: h3cloud os // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007018 // NVD: CVE-2019-12193

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-12193
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-12193
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201907-1123
value: CRITICAL

Trust: 0.6

VULHUB: VHN-143915
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-12193
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-143915
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-12193
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-143915 // JVNDB: JVNDB-2019-007018 // CNNVD: CNNVD-201907-1123 // NVD: CVE-2019-12193

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-143915 // JVNDB: JVNDB-2019-007018 // NVD: CVE-2019-12193

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1123

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201907-1123

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007018

PATCH

title: H3C CloudOS // url: http://www.h3c.com/cn/Products___Technology/Products/H3C_Soft/IT_Business/Vocational_Work/Cloud_Manage/

Trust: 0.8

sources: JVNDB: JVNDB-2019-007018

EXTERNAL IDS

db: NVD // id: CVE-2019-12193

Trust: 2.5

db: JVNDB // id: JVNDB-2019-007018

Trust: 0.8

db: CNNVD // id: CNNVD-201907-1123

Trust: 0.7

db: VULHUB // id: VHN-143915

Trust: 0.1

sources: VULHUB: VHN-143915 // JVNDB: JVNDB-2019-007018 // CNNVD: CNNVD-201907-1123 // NVD: CVE-2019-12193

REFERENCES

url:https://laolisafe.com/h3cloud-sql-injection-vulnerability/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-12193

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12193

Trust: 0.8

sources: VULHUB: VHN-143915 // JVNDB: JVNDB-2019-007018 // CNNVD: CNNVD-201907-1123 // NVD: CVE-2019-12193

SOURCES

db: VULHUB // id: VHN-143915
db: JVNDB // id: JVNDB-2019-007018
db: CNNVD // id: CNNVD-201907-1123
db: NVD // id: CVE-2019-12193

LAST UPDATE DATE

2024-11-23T21:52:02.488000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-143915 // date: 2019-07-29T00:00:00
db: JVNDB // id: JVNDB-2019-007018 // date: 2019-07-31T00:00:00
db: CNNVD // id: CNNVD-201907-1123 // date: 2019-07-30T00:00:00
db: NVD // id: CVE-2019-12193 // date: 2024-11-21T04:22:24.127

SOURCES RELEASE DATE

db: VULHUB // id: VHN-143915 // date: 2019-07-19T00:00:00
db: JVNDB // id: JVNDB-2019-007018 // date: 2019-07-31T00:00:00
db: CNNVD // id: CNNVD-201907-1123 // date: 2019-07-19T00:00:00
db: NVD // id: CVE-2019-12193 // date: 2019-07-19T16:15:12.383