MidnightBSD

Advisories for teradata

CVE-2015-5401 MEDIUM

Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
teradata teradata_express 15.10.00
teradata teradata_express 15.00.00
teradata teradata_gateway *
CVE-2016-7488 HIGH

Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
teradata virtual_machine 15.10
CVE-2016-7489 HIGH

Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
teradata virtual_machine 15.10
CVE-2016-7490 HIGH

The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,CWE-264,

Products Affected

Vendor Product Version
teradata studio_express 15.12.00.00
CVE-2019-6499 HIGH

Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
teradata viewpoint *
teradata viewpoint 16.20.00.02-b80