Security Bulletin: Security vulnerabilities have been identified in Oracle MySQL shipped with IBM Tivoli Network Manager IP Edition (Oracle Advisory - April 2015)

Summary

Oracle MySQL is shipped as a component of IBM Tivoli Network Manager IP Edition. Information regarding security vulnerabilities affecting Oracle MySQL has been published.
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Vulnerability Details

Tivoli Network Manager IP Edition ships with Oracle MySQL. Oracle has released a Critical Patch Update advisory - April 2015, which contains security vulnerability fixes.

CVEID: CVE-2015-0511**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : SP component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 2.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102366 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P)

CVEID: CVE-2015-2566**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : DML component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 2.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102365 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P)

CVEID: CVE-2015-2567**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Privileges component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102364 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-2568**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Privileges component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102347 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-2571**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Optimizer component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102355 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-2573**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : DDLD131:D142 component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102349 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-2576**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Utilities related to the Installation component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102367 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-0405**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : XA component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102359 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0423**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Optimizer component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102354 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0433**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB : DML component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102353 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0438**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Partition component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102356 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0439**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102351 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0441**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Encryption component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102358 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0498**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Replication component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 1.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102368 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:M/C:N/I:N/A:P)

CVEID: CVE-2015-0499**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Federated component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0500**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Information Schema component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102350 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0501**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Compiling component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102346 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:C)

CVEID: CVE-2015-0503**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Partition component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102357 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0505**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : DDL component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102360 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0506**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102362 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0507**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Memcached component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102363 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0508**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102352 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Affected Products and Versions

Affected Product and Version(s)

| Product and Version shipped as a component
—|—
Tivoli Network Manager 3.8| 3.8 ships both MySQL Connector and MySQLServer 5.0
Tivoli Network Manager 3.9| 3.9 ships MySQL Connector 5.6

Remediation/Fixes

Upgrade MySQL fix as determined below: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html