Lucene search

K
ibmIBM21A7AA039C8A0176C1358EFF080D2A79DFCCCF51A5843C9C98EEACBAA754CD21
HistoryFeb 12, 2019 - 9:20 p.m.

Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL

2019-02-1221:20:01
www.ibm.com
42

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-3060 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146955&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)

CVEID: CVE-2018-3071 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Audit Log component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146966&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3074 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Roles component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146969&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3084 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Shell: Core / Client component could allow an authenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 2.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146978&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-3073 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146968&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3062 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Memcached component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146957&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3065 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146960&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3054 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DDL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146950&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3064 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146959&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)

CVEID: CVE-2018-3075 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146970&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3067 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Replication component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146962&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3078 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DDL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146973&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3056 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146952&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-3066 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Options component could allow an authenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146961&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2018-3077 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DDL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146972&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3058 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server MyISAM component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146954&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-2598 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Workbench Workbench: Security: Encryption component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146758&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-3079 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146974&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3082 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DDL component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 2.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146977&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-3063 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146958&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3070 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Client mysqldump component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146965&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3080 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DDL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146975&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3081 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Client Client programs component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146976&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVEID: CVE-2018-3061 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146956&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected IBM Security Guardium

|

Affected Versions

—|—
IBM Security Guardium | 9 - 9.5
IBM Security Guardium | 10 - 10.5

Remediation/Fixes

Product

|

VRMF

|

Remediation / First Fix

—|—|—
IBM Security Guardium | 9-9.5 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=9.0&amp;platform=All&amp;function=fixId&amp;fixids=SqlGuard_9.0p775_CombinedFixPackForGPU750_32-bit&amp;includeSupersedes=0&amp;source=fc
IBM Security Guardium | 10-10.5 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FInfoSphere+Guardium&amp;fixids=SqlGuard_10.0p512_Sep-24-2018&amp;source=SAR&amp;function=fixId&amp;parent=IBM Security

Workarounds and Mitigations

None

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P