This vulnerability can be exploited through the following means (further details below): - Via SQL query - Via file In order to exploit this vulnerability, an attacker must be able to run a SQL query on the server.
An attacker must be able to run a SQL query on the server. - Via remote access - Via remote access - Via Web Application
CVE-2019-5719: An issue was discovered in certain Red Hat Enterprise Linux and SUSE Linux Enterprise Server installations. Malicious users can exploit this issue to gain elevated privileges. Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 are not affected by this issue. This issue does not affect Red Hat Enterprise Linux 5 installations. Note: Red Hat has provided a fixed package for RHEL5 from RHSA-2019:0570. An issue was discovered in certain Red Hat Enterprise Linux and SSuSE Linux Enterprise Server installations. Malicious users can exploit this issue to gain elevated privileges. Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 are not affected by this issue. This issue does not affect Red Hat Enterprise Linux 5 installations. Note: Red Hat has provided a fixed package for RHEL5 from RHSA-2019:0570. Red Hat Enterprise Linux 7 users are advised to upgrade to Red Hat Enterprise Linux 5.6 as a precaution. CVSS 4.7 (Confidentiality, Integrity and Availability impacts). Red Hat has rated this issue as critical. Red Hat Enterprise Linux 6 users are advised to
Vulnerability Description
A remote code execution vulnerability has been discovered in certain Red Hat Enterprise Linux and SSuSE Linux Enterprise Server installations. Malicious users can exploit this issue to gain elevated privileges. This vulnerability affects Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 only. This issue does not affect Red Hat Enterprise Linux 5 installations.
An attacker must be able to run a SQL query on the server. - Via remote access - Via remote access - Via Web Application
Vulnerability overview
Red Hat discovered a vulnerability in certain Red Hat Enterprise Linux and SSuSE Linux Enterprise Server installations. Malicious users can exploit this issue to gain elevated privileges. Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 are not affected by this issue. This issue does not affect Red Hat Enterprise Linux 5 installations. Note: Red Hat has provided a fixed package for RHEL5 from RHSA-2019:0570.
Summary
Newly discovered vulnerabilities, CVSS 4.7 (Confidentiality, Integrity and Availability impacts).
Red Hat Enterprise Linux 7 users are advised to upgrade to Red Hat Enterprise Linux 5.6 as a precaution.
Overview of the Vulnerability
Within the affected software, a flaw exists in the way that certain users are assigned privileges. This issue is exploitable by a malicious user who has access to the affected software as it allows them to elevate their privileges and perform actions which are otherwise not possible. This vulnerability can cause issues with functionality, rendering systems unusable. The vulnerability can also be used in conjunction with other vulnerabilities in order to gain even more impactful access.
Timeline
Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC