Lucene search

IBM87E66DFBE713AD5269B7D9503D07DC3855B45CFE71452E88BDEDA82A2879EF71

HistoryOct 06, 2021 - 12:37 p.m.

Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities

2021-10-0612:37:14

www.ibm.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.006 Low

EPSS

Percentile

75.5%

JSON

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID:CVE-2020-2763
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL related to the Server Server: Replication component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179663 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-2806
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL related to the Server Server: Compiling component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179704 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-2765
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179665 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-2814
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179712 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-2812
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL related to the Server Server: Stored Procedure component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179710 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-2790
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL related to the Server Server: Pluggable Auth component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179689 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-2780
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL related to the Server Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179680 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-2760
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179660 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVEID:CVE-2020-2804
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL related to the Server Server: Memcached component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179702 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Security Guardium	10.6
IBM Security Guardium	11.0
IBM Security Guardium	11.1
IBM Security Guardium	11.2

Remediation/Fixes

Product

VRMF

Remediation / First Fix

—|—|—
IBM Security Guardium| 10.6| | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Sec…

IBM Security Guardium| 11.0| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur…
IBM Security Guardium| 11.1| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur…
IBM Security Guardium| 11.2| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur…

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security guardiumeq11.0
ibm security guardiumeq10.6
ibm security guardiumeq11.0
ibm security guardiumeq11.1
ibm security guardiumeq11.2