CVE-2019-2708: Low severity IBM Cloud Pak for Security (CP4S) vulnerability

Published Apr 23, 2019
·
Updated

An unspecified vulnerability in Oracle Berkeley DB related to the Data Store component could allow an authenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

Other sources

Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138 prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

Microsoft

Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

MITRE

Affected Software

34 affected componentsFixes available
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
Oracle Berkeley DB<6.138
Microsoft azl3 libdb 5.3.28-7
Patch available
Microsoft cbl2 libdb 5.3.28-7
Patch available
Microsoft cm1 libdb 5.3.28-6
Patch available
Microsoft azl3 libdb 5.3.28-9
Patch available
Microsoft libdb-devel-5.3.28-7.cm2.x86_64.rpm
Patch available
Microsoft libdb-utils-5.3.28-8.azl3.aarch64.rpm
Patch available
Microsoft libdb-devel-5.3.28-8.azl3.aarch64.rpm
Patch available
Microsoft libdb-5.3.28-8.azl3.aarch64.rpm
Patch available
Microsoft libdb-docs-5.3.28-8.azl3.aarch64.rpm
Patch available
Microsoft libdb-utils-5.3.28-8.azl3.x86_64.rpm
Patch available
Microsoft libdb-docs-5.3.28-8.azl3.x86_64.rpm
Patch available
Microsoft libdb-devel-5.3.28-8.azl3.x86_64.rpm
Patch available
Microsoft libdb-5.3.28-8.azl3.x86_64.rpm
Patch available
Microsoft libdb-docs-5.3.28-7.cm2.aarch64.rpm
Patch available
Microsoft libdb-devel-5.3.28-7.cm2.aarch64.rpm
Patch available
Microsoft libdb-utils-5.3.28-7.cm2.aarch64.rpm
Patch available
Microsoft libdb-5.3.28-7.cm2.aarch64.rpm
Patch available
Microsoft libdb-debuginfo-5.3.28-7.cm2.aarch64.rpm
Patch available
Microsoft libdb-debuginfo-5.3.28-7.cm2.x86_64.rpm
Patch available
Microsoft libdb-utils-5.3.28-7.cm2.x86_64.rpm
Patch available
Microsoft libdb-5.3.28-7.cm2.x86_64.rpm
Patch available
Microsoft libdb-docs-5.3.28-7.cm2.x86_64.rpm
Patch available
Microsoft libdb-debuginfo-5.3.28-6.cm1.aarch64.rpm
Patch available
Microsoft libdb-docs-5.3.28-6.cm1.aarch64.rpm
Patch available
Microsoft libdb-devel-5.3.28-6.cm1.aarch64.rpm
Patch available
Microsoft libdb-5.3.28-6.cm1.aarch64.rpm
Patch available
Microsoft libdb-debuginfo-5.3.28-6.cm1.x86_64.rpm
Patch available
Microsoft libdb-docs-5.3.28-6.cm1.x86_64.rpm
Patch available
Microsoft libdb-devel-5.3.28-6.cm1.x86_64.rpm
Patch available
Microsoft libdb-5.3.28-6.cm1.x86_64.rpm
Patch available

Remediation

Patch Available

http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Event History

Apr 23, 2019
CVE Published
via MITRE·06:16 PM
Data Sourced
via MITRE·06:16 PM
DescriptionWeakness
Jul 30, 2021
Data Sourced
via Microsoft·12:00 AM
DescriptionSeverityWeaknessAffected Software
Updated
via Microsoft·12:00 AM
Affected Software
Updated
via Microsoft·07:00 AM
SeverityAffected Software
Updated
via Microsoft·07:00 AM
DescriptionSeverityWeakness

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is CVE-2019-2708?

CVE-2019-2708 refers to an unspecified vulnerability in Oracle Berkeley DB related to the Data Store component.

2

What software is affected by CVE-2019-2708?

IBM Cloud Pak for Security (CP4S) versions 1.7.2.0, 1.7.1.0, and 1.7.0.0, as well as Oracle Berkeley DB versions prior to 6.138, 6.2.38, and 18.1.32, are affected by CVE-2019-2708.

3

What is the severity rating of CVE-2019-2708?

CVE-2019-2708 has a severity rating of 3.3 (low).

4

How do I exploit CVE-2019-2708?

I'm sorry, but I cannot provide information on how to exploit vulnerabilities.

5

How can I fix CVE-2019-2708?

To fix CVE-2019-2708, it is recommended to upgrade to a patched version of Oracle Berkeley DB or IBM Cloud Pak for Security (CP4S) if available. Patch information can be found in the provided references.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203