Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM773A7BBB85F3B2A6695C2847B3EBBC72F42BD10B53CF0E5F7BA760451004AA96
HistoryJun 16, 2018 - 9:50 p.m.

Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerabilities (multiple CVEs)

2018-06-1621:50:33
www.ibm.com
25

0.017 Low

EPSS

Percentile

88.0%

JSON

Summary

IBM Security Guardium is affected by Open Source Oracle MySQL Vulnerabilities.
IBM Security Guardium addressed these issues

Vulnerability Details

CVEID: CVE-2016-0639**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Pluggable Authentication component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112471&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-0640**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: DML component has no confidentiality impact, partial integrity impact, and partial availability impact.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112472&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:P)

CVEID: CVE-2016-0641**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: MyISAM component has partial confidentiality impact, no integrity impact, and partial availability impact.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112473&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:P)

CVEID: CVE-2016-0644**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: DDL component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112476&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0642**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Federated component has no confidentiality impact, partial integrity impact, and partial availability impact.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112474&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:M/C:N/I:P/A:P)

CVEID: CVE-2016-0643**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: DML component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112475&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVEID: CVE-2016-0646**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: DML component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112477&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0647**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: FTS component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112478&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0648**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: PS component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112479&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0649**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: PS component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112480&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0652**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: DML component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112482&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0653**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: FTS component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112483&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0654**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: InnoDB component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112484&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0655**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: InnoDB component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112485&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0656**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: InnoDB component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112486&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0657**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: JSON component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112487&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVEID: CVE-2016-0658**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112488&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0659**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112490&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0661**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Options component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112491&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0662**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Partition component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112492&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0650**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Replication component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112481&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0651**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112489&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0663**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Performance Schema component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112493&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0665**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Security: Encryption component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112494&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0666**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Security: Privileges component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112495&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2016-0667**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Locking component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 2.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112496&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P)

CVEID: CVE-2016-0668**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: InnoDB component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 1.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112497&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:M/C:N/I:N/A:P)

Affected Products and Versions

IBM Security Guardium V9.0, 9.1, 9.5

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM Security Guardium| 9x| https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p6023_SecurityUpdate&includeSupersedes=0&source=fc
IBM Security Guardium| 10x| https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p6023_SecurityUpdate&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Related

nessus 44
kaspersky 1
freebsd 1
f5 6
openvas 35
ubuntu 2
debian 5
suse 6
osv 5
mageia 1
fedora 2
amazon 2
oraclelinux 1
ibm 1
redhat 4
centos 1
nvd 15
cve 14
ubuntucve 13
prion 13
cvelist 12
veracode 7
mariadbunix 4
alpinelinux 4
nessus
nessus
FreeBSD : MySQL -- multiple vulnerabilities (8c2b2f11-0ebe-11e6-b55e-b499baebfeaf)
2016-05-03 00:00:00
Ubuntu 14.04 LTS : MySQL vulnerabilities (USN-2953-1)
2016-04-22 00:00:00
MySQL 5.7.x < 5.7.11 Multiple Vulnerabilities
2016-03-01 00:00:00
kaspersky
kaspersky
KLA10794 Multiple vulnerabilities in Oracle MySQL
2016-04-19 00:00:00
freebsd
freebsd
MySQL -- multiple vulnerabilities
2016-04-19 00:00:00
f5
f5
SOL70204455 - Multiple MySQL vulnerabilities
2016-08-05 00:00:00
K70204455 : Multiple MySQL vulnerabilities
2016-08-05 00:00:00
SOL82205554 - Multiple MySQL vulnerabilities
2016-08-04 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2953-1)
2016-05-06 00:00:00
Debian: Security Advisory (DSA-3595-1)
2016-06-04 00:00:00
Debian Security Advisory DSA 3595-1 (mariadb-10.0 - security update)
2016-06-05 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2016-04-21 00:00:00
MySQL vulnerabilities
2016-04-25 00:00:00
debian
debian
[SECURITY] [DSA 3595-1] mariadb-10.0 security update
2016-06-05 19:51:35
[SECURITY] [DSA 3595-1] mariadb-10.0 security update
2016-06-05 19:51:35
[SECURITY] [DSA 3557-1] mysql-5.5 security update
2016-04-26 17:32:19
suse
suse
Security update for mysql-community-server (important)
2016-05-18 14:14:23
Security update for mysql (important)
2016-05-11 18:10:17
Security update for mariadb (important)
2016-06-17 20:08:38
osv
osv
mysql-5.5 - security update
2016-04-26 00:00:00
CVE-2016-0647
2016-04-21 10:59:00
CVE-2016-0648
2016-04-21 10:59:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2016-05-18 23:14:22
fedora
fedora
[SECURITY] Fedora 23 Update: community-mysql-5.6.30-1.fc23
2016-05-15 05:37:20
[SECURITY] Fedora 22 Update: community-mysql-5.6.30-1.fc22
2016-05-16 14:58:35
amazon
amazon
Critical: mysql56
2016-05-18 14:00:00
Important: mysql55
2016-08-17 13:30:00
oraclelinux
oraclelinux
mariadb security update
2016-08-11 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in mariadb affect PowerKVM
2018-06-18 01:33:09
redhat
redhat
(RHSA-2016:1602) Important: mariadb security update
2016-08-11 12:05:12
(RHSA-2016:0705) Critical: rh-mysql56-mysql security update
2016-05-02 12:15:44
(RHSA-2016:1481) Moderate: mariadb55-mariadb security update
2016-07-25 07:45:27
centos
centos
mariadb security update
2016-08-12 11:27:37
nvd
nvd
CVE-2016-0654
2016-04-21 10:59:22
CVE-2016-0656
2016-04-21 10:59:23
CVE-2016-0661
2016-04-21 10:59:27
cve
cve
CVE-2016-0656
2016-04-21 10:59:23
CVE-2016-0654
2016-04-21 10:59:22
CVE-2016-0653
2016-04-21 10:59:21
ubuntucve
ubuntucve
CVE-2016-0654
2016-04-21 00:00:00
CVE-2016-0656
2016-04-21 00:00:00
CVE-2016-0653
2016-04-21 00:00:00
prion
prion
Design/Logic Flaw
2016-04-21 10:59:00
Design/Logic Flaw
2016-04-21 10:59:00
Design/Logic Flaw
2016-04-21 10:59:00
cvelist
cvelist
CVE-2016-0654
2016-04-21 10:00:00
CVE-2016-0656
2016-04-21 10:00:00
CVE-2016-0661
2016-04-21 10:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:29:21
Denial Of Service (DoS)
2019-05-02 05:29:21
Denial Of Service (DoS)
2019-05-02 05:29:20
mariadbunix
mariadbunix
CVE-2016-0650
2016-04-21 10:59:00
CVE-2016-0643
2016-04-21 10:59:00
CVE-2016-0651
2016-04-21 10:59:00
alpinelinux
alpinelinux
CVE-2016-0643
2016-04-21 10:59:12
CVE-2016-0647
2016-04-21 10:59:15
CVE-2016-0648
2016-04-21 10:59:16

0.017 Low

EPSS

Percentile

88.0%

JSON
Related for 773A7BBB85F3B2A6695C2847B3EBBC72F42BD10B53CF0E5F7BA760451004AA96
nessus44kaspersky1freebsd1f56openvas35ubuntu2debian5suse6osv5mageia1fedora2amazon2oraclelinux1ibm1redhat4centos1nvd15cve14ubuntucve13prion13cvelist12veracode7mariadbunix4alpinelinux4