SB2020071518 - Multiple vulnerabilities in Oracle Berkeley DB
Published: July 15, 2020
Security Bulletin ID
SB2020071518
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2017-10140)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to improper handling of certain configuration files. A remote attacker can read arbitrary data.
2) Improper input validation (CVE-ID: CVE-2020-2981)
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Data Store in Oracle Berkeley DB. A local non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
Remediation
Install update from vendor's website.