CVE-2016-6656
Published on: 12/16/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:10 PM UTC
Certain versions of Greenplum from Pivotal Software contain the following vulnerability:
An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser 'gpadmin' access to the system or have been granted GPHDFS protocol permissions in order to create a GPHDFS external table.
- CVE-2016-6656 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.2 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | HIGH | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.5 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | LOW | SINGLE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags | Link |
---|---|---|
CVE-2016-6656 Code injection vulnerability via GPHDFS in Greenplum database \| Security \| Pivotal | Mitigation, Vendor Advisory (inactive link, not archived) | CONFIRM pivotal.io/security/cve-2016-6656 |
Pivotal Greenplum CVE-2016-6656 Arbitrary Command Injection Vulnerability | cve.report (archive) | BID 94954 |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Pivotal Software | Greenplum | All | All | All | All |
- cpe:2.3:a:pivotal_software:greenplum:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE