Sign-up

ID

VAR-202002-0573


CVE

CVE-2020-1790


TITLE

GaussDB 200 Injection vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002146

DESCRIPTION

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands. GaussDB 200 There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Huawei GaussDB 200 is a distributed parallel relational database system developed by China Huawei (Huawei) based on the open source database Postgres-XC

Trust: 1.71

sources: NVD: CVE-2020-1790 // JVNDB: JVNDB-2020-002146 // VULHUB: VHN-171124

AFFECTED PRODUCTS

vendor:huaweimodel:gaussdb 200scope:eqversion:6.5.1

Trust: 2.4

sources: JVNDB: JVNDB-2020-002146 // CNNVD: CNNVD-202001-1460 // NVD: CVE-2020-1790

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1790
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002146
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202001-1460
value: HIGH

Trust: 0.6

VULHUB: VHN-171124
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1790
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002146
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-171124
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1790
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002146
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-171124 // JVNDB: JVNDB-2020-002146 // CNNVD: CNNVD-202001-1460 // NVD: CVE-2020-1790

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.1

problemtype:CWE-74

Trust: 0.9

sources: VULHUB: VHN-171124 // JVNDB: JVNDB-2020-002146 // NVD: CVE-2020-1790

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-1460

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202001-1460

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002146

PATCH
title:huawei-sa-20200122-01-gaussurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-gauss-en
Trust: 0.8
title:Huawei GaussDB 200 Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110710
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-002146 // 
            
            
            
            CNNVD: CNNVD-202001-1460

EXTERNAL IDS
db:NVDid:CVE-2020-1790
Trust: 2.5
db:JVNDBid:JVNDB-2020-002146
Trust: 0.8
db:CNNVDid:CNNVD-202001-1460
Trust: 0.7
db:VULHUBid:VHN-171124
Trust: 0.1
sources:
            
            
            VULHUB: VHN-171124 // 
            
            
            
            JVNDB: JVNDB-2020-002146 // 
            
            
            
            CNNVD: CNNVD-202001-1460 // 
            
            
            
            NVD: CVE-2020-1790

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-01-gauss-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1790
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-1790
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200122-01-gauss-cn
Trust: 0.6
sources:
            
            
            VULHUB: VHN-171124 // 
            
            
            
            JVNDB: JVNDB-2020-002146 // 
            
            
            
            CNNVD: CNNVD-202001-1460 // 
            
            
            
            NVD: CVE-2020-1790

SOURCES
db:VULHUBid:VHN-171124
db:JVNDBid:JVNDB-2020-002146
db:CNNVDid:CNNVD-202001-1460
db:NVDid:CVE-2020-1790

LAST UPDATE DATE
2024-11-23T22:48:08.751000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-171124date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-002146date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202001-1460date:2020-03-02T00:00:00
db:NVDid:CVE-2020-1790date:2024-11-21T05:11:23.190

SOURCES RELEASE DATE
db:VULHUBid:VHN-171124date:2020-02-18T00:00:00
db:JVNDBid:JVNDB-2020-002146date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202001-1460date:2020-01-22T00:00:00
db:NVDid:CVE-2020-1790date:2020-02-18T03:15:10.997