Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD5E302013299BAD3481DFEA9AC4BD80F8E7EEA59270C1284F92068F0AB3438FB
HistoryJul 15, 2024 - 8:06 p.m.

Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerability

2024-07-1520:06:00
www.ibm.com
6
ibm guardium
oracle mysql
vulnerability
remote attacker
high availability impact

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

Low

JSON

Summary

IBM Security Guardium has fixed this vulnerability

Vulnerability Details

CVEID:CVE-2024-20968
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Options component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283526 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20976
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283530 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20960
**DESCRIPTION:**An unspecified vulnerability in Oracle v related to the Server: RAPID component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283522 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20962
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283523 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2024-20970
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283527 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20978
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283531 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20964
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Security: Privileges component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283524 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2024-20972
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283528 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20982
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283533 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20966
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Security: Privileges component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283525 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20974
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283529 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2024-20984
**DESCRIPTION:**An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Firewall component could allow a remote authenticated attacker to cause high availability impact.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283534 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium 12.0

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product Versions ** Fix**
IBM Security Guardium 12.0 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=12.0&platform=Linux&function=fixId&fixids=SqlGuard_12.0p6007_June-Security-Patch_V12.0&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsecurity_guardiumMatch12.0

Related

f5 2
nessus 16
openvas 6
ubuntu 1
osv 15
photon 3
fedora 1
prion 12
redhatcve 12
vulnrichment 12
ubuntucve 12
nvd 12
debiancve 12
cve 12
cvelist 12
cnvd 1
oraclelinux 2
almalinux 2
redhat 3
hp 1
oracle 1
f5
f5
K000138704 : Multiple MySQL vulnerabilities
2024-02-23 00:00:00
K000138460: Multiple MySQL vulnerabilities
2024-02-02 00:00:00
nessus
nessus
Photon OS 4.0: Mysql PHSA-2024-4.0-0555
2024-07-23 00:00:00
Photon OS 3.0: Mysql PHSA-2024-3.0-0716
2024-07-24 00:00:00
Photon OS 5.0: Mysql PHSA-2024-5.0-0194
2024-07-24 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6615-1)
2024-01-31 00:00:00
Oracle MySQL Server 8.x <= 8.0.35, 8.1.x <= 8.2.0 Security Update (cpujan2024) - Windows
2024-01-17 00:00:00
Oracle MySQL Server 8.x <= 8.0.35, 8.1.x <= 8.2.0 Security Update (cpujan2024) - Linux
2024-01-17 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2024-01-30 00:00:00
osv
osv
mysql-8.0 vulnerabilities
2024-01-30 12:38:24
CVE-2024-20972
2024-02-17 02:15:50
CGA-jvc9-qg77-vhhq
2024-07-04 22:09:24
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0194
2024-01-22 00:00:00
Moderate Photon OS Security Update - PHSA-2024-3.0-0716
2024-01-21 00:00:00
Moderate Photon OS Security Update - PHSA-2024-4.0-0555
2024-01-23 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: community-mysql-8.0.39-1.fc39
2024-08-23 01:24:55
prion
prion
Code injection
2024-02-17 02:15:00
Code injection
2024-02-17 02:15:00
Code injection
2024-02-17 02:15:00
redhatcve
redhatcve
CVE-2024-20978
2024-01-17 12:05:46
CVE-2024-20984
2024-01-17 12:06:26
CVE-2024-20968
2024-01-17 12:04:06
vulnrichment
vulnrichment
CVE-2024-20978
2024-02-17 01:50:21
CVE-2024-20982
2024-02-17 01:50:22
CVE-2024-20968
2024-02-17 01:50:19
ubuntucve
ubuntucve
CVE-2024-20970
2024-01-17 00:00:00
CVE-2024-20974
2024-01-17 00:00:00
CVE-2024-20964
2024-01-17 00:00:00
nvd
nvd
CVE-2024-20962
2024-02-17 02:15:50
CVE-2024-20966
2024-02-17 02:15:50
CVE-2024-20978
2024-02-17 02:15:51
debiancve
debiancve
CVE-2024-20966
2024-02-17 02:15:50
CVE-2024-20960
2024-02-17 02:15:50
CVE-2024-20968
2024-02-17 02:15:50
cve
cve
CVE-2024-20960
2024-02-17 02:15:50
CVE-2024-20968
2024-02-17 02:15:50
CVE-2024-20978
2024-02-17 02:15:51
cvelist
cvelist
CVE-2024-20984
2024-02-17 01:50:22
CVE-2024-20972
2024-02-17 01:50:20
CVE-2024-20978
2024-02-17 01:50:21
cnvd
cnvd
Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11158)
2024-02-22 00:00:00
oraclelinux
oraclelinux
mysql:8.0 security update
2024-02-21 00:00:00
mysql security update
2024-03-06 00:00:00
almalinux
almalinux
Moderate: mysql:8.0 security update
2024-02-20 00:00:00
Moderate: mysql security update
2024-03-05 00:00:00
redhat
redhat
(RHSA-2024:2619) Moderate: rh-mysql80-mysql security update
2024-04-30 16:31:20
(RHSA-2024:1141) Moderate: mysql security update
2024-03-05 15:32:23
(RHSA-2024:0894) Moderate: mysql:8.0 security update
2024-02-20 11:21:25
hp
hp
HP ThinPro 8.0 SP 9 Security Updates
2024-06-17 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

Low

JSON
Related for D5E302013299BAD3481DFEA9AC4BD80F8E7EEA59270C1284F92068F0AB3438FB
f52nessus16openvas6ubuntu1osv15photon3fedora1prion12redhatcve12vulnrichment12ubuntucve12nvd12debiancve12cve12cvelist12cnvd1oraclelinux2almalinux2redhat3hp1oracle1