Description
GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200120-01-gaussdb200-en
Scores
CVSS v3
8.8
EPSS
0.0026
EPSS Percentile
49.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
CWE-77
Status
published
Products (1)
huawei/gaussdb_200
6.5.1
Published
Feb 18, 2020
Tracked Since
Feb 18, 2026