Vulnerability of the Installer component: The general installer for MySQL allows a perpetrator to gain access to read, modify, or delete data, and trigger a service failure.

🗓️ 20 Oct 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 4 Views

The MySQL installer has insufficient input validation, allowing data read, modification, deletion, and service failure.

Reporter	Title	Published	Views	Family All 17
FreeBSD	MySQL -- Multiple vulnerabilities	17 Oct 202300:00	–	freebsd
CNNVD	Oracle MySQL Security Vulnerabilities	17 Oct 202300:00	–	cnnvd
CVE	CVE-2023-22094	17 Oct 202321:03	–	cve
Cvelist	CVE-2023-22094	17 Oct 202321:03	–	cvelist
EUVD	EUVD-2023-26259	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : MySQL -- Multiple vulnerabilities (22df5074-71cd-11ee-85eb-84a93843eb75)	23 Oct 202300:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2023-22094	21 Aug 202500:00	–	nessus
NCSC	Vulnerabilities fixed in Oracle MySQL	19 Oct 202300:00	–	ncsc
NVD	CVE-2023-22094	17 Oct 202322:15	–	nvd
Oracle	Oracle Critical Patch Update Advisory - October 2023	17 Oct 202300:00	–	oracle

Vulners

Node

oracle mysql_installerRange<1.6.8

Source	Link
oracle	www.oracle.com/security-alerts/cpuoct2023.html
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB20231017101
vuldb	www.vuldb.com/ru/
web	www.web.nvd.nist.gov/view/vuln/detail

20 Oct 2023 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 26.2

CVSS 37.9

EPSS0.00337

installer vulnerability mysql installer input validation data read data modification data deletion service failure