Vulnerability Details : CVE-2016-6656
An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using the GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. To exploit this vulnerability, the user must have superuser 'gpadmin' access to the system or have been granted GPHDFS protocol permissions in order to create a GPHDFS external table.
Products affected by CVE-2016-6656
- cpe:2.3:a:pivotal_software:greenplum:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6656
- 0.09%: Probability of exploitation activity in the next 30 days
- ~40%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6656
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
| 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
CWE ids for CVE-2016-6656
- The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6656
- http://www.securityfocus.com/bid/94954
  Pivotal Greenplum CVE-2016-6656 Arbitrary Command Injection Vulnerability
- https://pivotal.io/security/cve-2016-6656
  CVE-2016-6656 Code injection vulnerability via GPHDFS in Greenplum database | Security | Pivotal (Mitigation; Vendor Advisory)