Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9C5EB860144764F06A9FB22BBBED0A5D4CF09F3A5C18DF603315A85AEC0A1722
HistoryDec 14, 2023 - 6:45 p.m.

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Oracle MySQL Server

2023-12-1418:45:34
www.ibm.com
27
security bulletin
ibm security guardium
oracle mysql server
vulnerabilities
update
remote attacker
high availability
authenticated
impact

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

54.6%

JSON

Summary

IBM Security Guardium has released an update to address these vulnerabilities.

Vulnerability Details

CVEID:CVE-2023-21940
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Components Services component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253144 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21966
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: JSON component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253148 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21955
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Partition component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253152 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21929
**DESCRIPTION:**An unspecified vulnerability in MySQL Server product related to the Server DDL component could allow an authenticated attacker to cause low integrity impact and high availability impact
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253116 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVEID:CVE-2023-21912
**DESCRIPTION:**An unspecified vulnerability in MySQL Server product of Oracle MySQL could allow an attacker to cause high availability impact.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253170 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21920
**DESCRIPTION:**An unspecified vulnerability in MySQL Server product related to the Optimizer component could allow an authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253140 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21911
**DESCRIPTION:**An unspecified vulnerability in MySQL Server product of Oracle MySQL related to InnoDB component could allow an authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253171 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21962
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Components Services component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253145 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21945
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimize component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253149 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21953
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Partition component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253153 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21917
**DESCRIPTION:**An unspecified vulnerability in MySQL Server product of Oracle MySQL could allow an authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253159 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21919
**DESCRIPTION:**An unspecified vulnerability in MySQL Server product related to DDL component could allow an authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253141 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21963
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Connection Handling component could allow a remote authenticated attacker to cause availability impact.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253146 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-21935
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253150 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21946
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253151 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21982
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253095 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21913
**DESCRIPTION:**An unspecified vulnerability in MySQL Server product of Oracle MySQL related to the Server Optimizer component could allow an authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253169 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21947
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Components Services component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253142 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21933
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: DDL component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253147 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21972
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: DML component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253087 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21976
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253089 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21977
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253090 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-21971
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component could allow a remote authenticated attacker to cause low confidentiality impact, low integrity impact, and high availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253086 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H)

CVEID:CVE-2023-21980
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Client programs component could allow an remote authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253093 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium 10.6
IBM Security Guardium 11.3
IBM Security Guardium 11.4
IBM Security Guardium 11.5

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product Versions ** Fix**
IBM Security Guardium 10.6 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p1030_Bundle_Oct-03-2023&includeSupersedes=0&source=fc
IBM Security Guardium 11.3 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p389_Bundle_Aug-21-2023&includeSupersedes=0&source=fc
IBM Security Guardium 11.4 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p6401_October-Security-Patch_V11.4&includeSupersedes=0&source=fc
IBM Security Guardium 11.5
https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p535_Bundle_Nov-29-2023&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Related

freebsd 1
nessus 18
cloudfoundry 1
openvas 13
osv 22
ubuntu 2
f5 7
fedora 3
amazon 1
almalinux 2
prion 21
redhatcve 21
oraclelinux 2
cnvd 21
cve 19
ubuntucve 19
debiancve 19
hp 1
cbl_mariner 5
veracode 1
freebsd
freebsd
MySQL -- Multiple vulnerabilities
2023-04-19 00:00:00
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : MySQL vulnerabilities (USN-6060-1)
2023-05-08 00:00:00
FreeBSD : MySQL -- Multiple vulnerabilities (f504a8d2-e105-11ed-85f6-84a93843eb75)
2023-04-24 00:00:00
Oracle MySQL Server (Apr 2023 CPU)
2023-04-20 00:00:00
cloudfoundry
cloudfoundry
USN-6060-1: MySQL vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6060-1)
2023-05-09 00:00:00
Oracle MySQL Server 8.x <= 8.0.32 Security Update (cpuapr2023) - Linux
2023-04-19 00:00:00
Oracle MySQL Server 8.x <= 8.0.32 Security Update (cpuapr2023) - Windows
2023-04-19 00:00:00
osv
osv
mysql-5.7, mysql-8.0 vulnerabilities
2023-05-08 11:47:20
mysql-5.7 vulnerabilities
2023-05-08 14:14:37
CVE-2023-21917
2023-04-18 20:15:12
ubuntu
ubuntu
MySQL vulnerabilities
2023-05-08 00:00:00
MySQL vulnerabilities
2023-05-08 00:00:00
f5
f5
K000134475 : Multiple MySQL vulnerabilities
2023-05-05 00:00:00
K000133687 : MySQL vulnerabilities CVE-2023-21913, CVE-2023-21920, CVE-2023-21945, CVE-2023-21977, and CVE-2023-21982
2023-04-27 00:00:00
K000133694 : MySQL vulnerabilities CVE-2023-21929, CVE-2023-21976, and CVE-2023-21980
2023-04-28 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: community-mysql-8.0.34-2.fc38
2023-09-16 01:29:00
[SECURITY] Fedora 37 Update: community-mysql-8.0.34-2.fc37
2023-09-16 01:41:10
[SECURITY] Fedora 39 Update: community-mysql-8.0.34-2.fc39
2023-09-15 19:07:55
amazon
amazon
Important: mysql57
2023-06-07 23:52:00
almalinux
almalinux
Moderate: mysql security update
2024-03-05 00:00:00
Moderate: mysql:8.0 security update
2024-02-20 00:00:00
prion
prion
Design/Logic Flaw
2023-04-18 20:15:00
Code injection
2023-04-18 20:15:00
Code injection
2023-04-18 20:15:00
redhatcve
redhatcve
CVE-2023-21917
2023-04-19 20:32:12
CVE-2023-21946
2023-04-19 20:33:32
CVE-2023-21966
2023-04-19 20:34:32
oraclelinux
oraclelinux
mysql security update
2024-03-06 00:00:00
mysql:8.0 security update
2024-02-21 00:00:00
cnvd
cnvd
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65518)
2023-04-21 00:00:00
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65513)
2023-04-21 00:00:00
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-67105)
2023-04-21 00:00:00
cve
cve
CVE-2023-21917
2023-04-18 20:15:12
CVE-2023-21945
2023-04-18 20:15:15
CVE-2023-21966
2023-04-18 20:15:16
ubuntucve
ubuntucve
CVE-2023-21966
2023-04-18 00:00:00
CVE-2023-21963
2023-04-18 00:00:00
CVE-2023-21947
2023-04-18 00:00:00
debiancve
debiancve
CVE-2023-21963
2023-04-18 20:15:16
CVE-2023-21940
2023-04-18 20:15:14
CVE-2023-21977
2023-04-18 20:15:17
hp
hp
HP ThinPro 8.0 SP 7 Security Updates
2024-01-26 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-21977 affecting package mysql for versions less than 8.0.33-1
2023-05-03 16:24:32
CVE-2023-21982 affecting package mysql for versions less than 8.0.33-1
2023-05-03 16:24:32
CVE-2023-21976 affecting package mysql for versions less than 8.0.33-1
2023-05-03 16:24:32
veracode
veracode
Remote Code Execution (RCE)
2023-10-20 09:40:48

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

54.6%

JSON
Related for 9C5EB860144764F06A9FB22BBBED0A5D4CF09F3A5C18DF603315A85AEC0A1722
freebsd1nessus18cloudfoundry1openvas13osv22ubuntu2f57fedora3amazon1almalinux2prion21redhatcve21oraclelinux2cnvd21cve19ubuntucve19debiancve19hp1cbl_mariner5veracode1