Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC5525DE90238066C0537ED78A73BC52FFC4717A7184CCE4403E891E56E4AEB8E
HistoryJun 16, 2018 - 9:38 p.m.

Security Bulletin: Multiple vulnerabilities in OpenSource Oracle Mysql affect IBM Security Guardium Database Activity Monitor

2018-06-1621:38:45
www.ibm.com
12

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Summary

Several unspecified vulnerability in Oracle MySQL Server could allow a remote attacker to cause a denial of service, obtain information, and have partial confidentiality, integrity, and availability impact.

Vulnerability Details

CVEID: CVE-2015-4815**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : DDL component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107383&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4791**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Privileges component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107402&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4792**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Partition component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 1.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107407&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:M/C:N/I:N/A:P)

CVEID: CVE-2015-4800**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Optimizer component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107389&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4802**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Partition component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107391&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4807**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Query Cache component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107400&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4816**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107388&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4730**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Types component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107394&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4766**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Firewall component could allow a local attacker to cause a denial of service.
CVSS Base Score: 1.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107406&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-4819**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Client programs component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 7.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107381&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-4826**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Types component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107395&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVEID: CVE-2015-4833**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Partition component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107392&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4836**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : SP component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 2.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107404&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P)

CVEID: CVE-2015-4858**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : DML component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107385&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4861**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107399&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4861**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107399&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4862**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : DML component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107386&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4864**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Privileges component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107403&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVEID: CVE-2015-4866**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107387&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4870**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Parser component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107390&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4879**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : DML component has partial confidentiality impact, partial integrity impact, and partial availability impact.
CVSS Base Score: 4.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107382&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:P)

CVEID: CVE-2015-4890**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Replication component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107401&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4895**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107398&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4904**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the libmysqld component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107396&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4905**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : DML component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107384&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4910**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : Memcached component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 2.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107405&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4913**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server : DML component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107397&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor versions 9x, 10

Remediation/Fixes

IBM InfoSphere Guardium Database Activity Monitoring

| 9.x| _PSIRT 66426 _ _ _| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Security%2BSystems&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p6017_SecurityUpdate&includeSupersedes=0&source=fc
_ _
—|—|—|—
IBM InfoSphere Guardium Database Activity Monitoring| 10| PSIRT 66426| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Security%2BSystems&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p6017_SecurityUpdate&includeSupersedes=0&source=fc

Related

symantec 1
ubuntu 1
f5 6
nessus 37
openvas 34
debian 4
suse 3
freebsd 1
archlinux 1
mageia 1
fedora 4
amazon 1
redhat 5
oraclelinux 1
osv 1
prion 22
ubuntucve 22
cve 23
centos 1
mariadbunix 14
veracode 12
checkpoint_advisories 1
packetstorm 1
zdt 1
exploitpack 1
symantec
symantec
SA106 : MySQL Vulnerabilities October 2015
2015-12-17 08:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2015-10-26 00:00:00
f5
f5
SOL59010802 - Multiple MySQL vulnerabilities
2015-12-15 00:00:00
K59010802 : Multiple MySQL vulnerabilities
2015-12-15 00:00:00
K86326526 : MySQL vulnerabilities CVE-2015-4766, CVE-2015-4904, CVE-2015-4791, and CVE-2015-4807
2015-12-03 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : MySQL vulnerabilities (USN-2781-1)
2015-10-27 00:00:00
MySQL 5.6.x < 5.6.27 Multiple Vulnerabilities
2015-10-22 00:00:00
MariaDB 10.1.0 < 10.1.8 Multiple Vulnerabilities
2022-11-18 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2781-1)
2015-10-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0121-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:2303-1)
2021-06-09 00:00:00
debian
debian
[SECURITY] [DSA 3385-1] mariadb-10.0 security update
2015-10-31 08:23:38
[SECURITY] [DSA 3385-1] mariadb-10.0 security update
2015-10-31 08:23:55
[SECURITY] [DSA 3377-1] mysql-5.5 security update
2015-10-24 08:06:52
suse
suse
Security update to MySQL 5.6.27 (important)
2015-12-10 12:12:21
Security update to MariaDB 10.0.22 (important)
2015-12-10 12:13:12
Security update to MariaDB 5.5.46 (important)
2015-12-10 13:10:14
freebsd
freebsd
MySQL - Multiple vulnerabilities
2015-11-10 00:00:00
archlinux
archlinux
mariadb: denial of service
2015-10-30 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2015-11-17 00:36:58
fedora
fedora
[SECURITY] Fedora 22 Update: community-mysql-5.6.29-1.fc22
2016-03-09 20:17:15
[SECURITY] Fedora 23 Update: community-mysql-5.6.29-1.fc23
2016-03-09 20:22:00
[SECURITY] Fedora 22 Update: mariadb-10.0.23-1.fc22
2016-03-05 22:51:47
amazon
amazon
Important: mysql56
2016-04-06 14:40:00
redhat
redhat
(RHSA-2016:22610) Moderate: mariadb security and bug fix update
2016-02-03 05:00:00
(RHSA-2016:0534) Moderate: mariadb security and bug fix update
2016-03-31 14:15:24
(RHSA-2016:1481) Moderate: mariadb55-mariadb security update
2016-07-25 07:45:27
oraclelinux
oraclelinux
mariadb security and bug fix update
2016-03-31 00:00:00
osv
osv
mysql-5.5 packages as an option announcement
2015-12-16 00:00:00
prion
prion
Design/Logic Flaw
2015-10-21 21:59:00
Design/Logic Flaw
2015-10-21 21:59:00
Design/Logic Flaw
2015-10-22 00:00:00
ubuntucve
ubuntucve
CVE-2015-4802
2015-10-21 00:00:00
CVE-2015-4792
2015-10-21 00:00:00
CVE-2015-4858
2015-10-21 00:00:00
cve
cve
CVE-2015-4802
2015-10-21 21:59:00
CVE-2015-4792
2015-10-21 21:59:00
CVE-2015-4913
2015-10-22 00:00:00
centos
centos
mariadb security update
2016-03-31 20:53:35
mariadbunix
mariadbunix
CVE-2015-4802
2015-10-21 21:59:00
CVE-2015-4792
2015-10-21 21:59:00
CVE-2015-4858
2015-10-21 23:59:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:29:17
Denial Of Service (DoS)
2019-05-02 05:29:18
Denial Of Service (DoS)
2019-05-02 05:29:17
checkpoint_advisories
checkpoint_advisories
MySQL Failed Memory Allocation Denial of Service (CVE-2015-4870)
2016-06-08 00:00:00
packetstorm
packetstorm
MySQL Procedure Analyse Denial Of Service
2016-05-28 00:00:00
zdt
zdt
MySQL 5.5.45 - procedure analyse Function Denial of Service
2016-05-30 00:00:00
exploitpack
exploitpack
MySQL 5.5.45 - procedure analyse Function Denial of Service
2016-05-30 00:00:00

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for C5525DE90238066C0537ED78A73BC52FFC4717A7184CCE4403E891E56E4AEB8E
symantec1ubuntu1f56nessus37openvas34debian4suse3freebsd1archlinux1mageia1fedora4amazon1redhat5oraclelinux1osv1prion22ubuntucve22cve23centos1mariadbunix14veracode12checkpoint_advisories1packetstorm1zdt1exploitpack1