
Security Bulletin: IBM Security Guardium is affected by OpenSource Oracle MySQL Vulnerability (multiple CVEs)

2018-06-16 21:40:13
www.ibm.com

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Summary

IBM Security Guardium is affected by unspecified vulnerabilities in Oracle MySQL Server

Vulnerability Details

CVEID: CVE-2016-0503
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the “Server: DML” component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109978> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0504
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the “Server: DML” component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109974> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C)

CVEID: CVE-2016-0505
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the “Server: Options” component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109975> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C)

CVEID: CVE-2016-0546
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Client component could allow a local attacker to execute arbitrary code on the system with elevated privileges.
CVSS Base Score: 7.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109973> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-0595
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the “Server: DML” component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109977> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0596
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the “Server: DML” component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109979> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0597
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the “Server: Optimizer” component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109981> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0598
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the “Server: DML” component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109984> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0600
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the “Server: InnoDB” component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109985> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0606
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the “Server: Security: Encryption” component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109989> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVEID: CVE-2016-0607
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the “Server: Replication” component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 2.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109991> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P)

CVEID: CVE-2016-0608
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the “Server: UDF” component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109990> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0609
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the “Server: Security: Privileges” component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 1.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109994> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:M/C:N/I:N/A:P)

CVEID: CVE-2016-0610
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the “Server: InnoDB” component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109986> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0611
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the “Server: Optimizer” component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/109982> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Affected Products and Versions

IBM Security Guardium 9.0, 9.1, 9.5, 10

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
IBM Security Guardium | 9x | PSIRT 69817 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p6019_SecurityUpdate&includeSupersedes=0&source=fc
IBM Security Guardium | 10 | PSIRT 69817 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p6019_SecurityUpdate&includeSupersedes=0&source=fc

Workarounds and Mitigations

None
