Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMDEA3C6C60F381F5571B757E482ADE591EE2EB3B3F0E4661AE75F1ABE40BAD02E
HistoryJun 28, 2023 - 10:06 p.m.

Security Bulletin: Multiple security vulnerabilities have been identified in Oracle MySQL, which is a supported topology database of IBM Tivoli Network Manager IP Edition.

2023-06-2822:06:11
www.ibm.com
16

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.004 Low

EPSS

Percentile

74.7%

JSON

Summary

Oracle MySQL version 5.5.x and version 5.6.x is a supported topology database of IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 and Fix Pack 5. Information about a security vulnerability affecting Oracle MySQL has been published here.

Vulnerability Details

CVEID: CVE-2018-3079 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146974&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-2598 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Workbench Workbench: Security: Encryption component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146758&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-3058 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server MyISAM component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 4.3
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146954&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-3077 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DDL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146972&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3066 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Options component could allow an authenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 3.3
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146961&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2018-3056 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146952&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-3078 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DDL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146973&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3067 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Replication component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146962&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3075 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146970&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3064 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 7.1
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146959&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)

CVEID: CVE-2018-3054 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DDL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146950&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3065 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146960&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3062 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Memcached component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146957&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3073 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146968&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3084 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Shell: Core / Client component could allow an authenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 2.8
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146978&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-3074 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Roles component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146969&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3063 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146958&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3082 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DDL component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 2.7
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146977&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-3060 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146955&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H)

CVEID: CVE-2018-3071 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Audit Log component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146966&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3061 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146956&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3080 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DDL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146975&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3070 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Client mysqldump component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146965&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3081 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Client Client programs component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 5.0
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/146976&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H)

Affected Products and Versions

ITNM 3.9.0.4 and ITNM 3.9.0.5 deployments which use Oracle MySQL v5.5 or v5.6 as their topology database server.

Remediation/Fixes

Product

| VMRF |Remediation/First Fix
—|—|—
IBM Tivoli Network Manager IP Edition |3.9.0.4 and 3.9.0.5 | Upgrade Oracle MySQL v5.5/5.6 servers as advised in Oracle’s Critical Patch Update for July 2018.

Please also note the****end of support announcement** from 12 September 2017 for selected Netcool product versions. You can find detailed information on whether the product version you have installed in your environment is affected by this end of service announcement by following the**Netcool End of Support Knowledge Collection**.**If your product version is affected, IBM recommend to upgrade your product version to the latest supported version of your product. Please contact your IBM account manager for any question you might have or for any assistance you may require for upgrading an end of service announced offering.

Workarounds and Mitigations

None.

CPENameOperatorVersion
tivoli network manager ip editioneq3.9

Related

photon 4
nessus 42
ibm 1
freebsd 1
ubuntu 2
openvas 27
amazon 4
mageia 2
altlinux 2
osv 18
debian 2
suse 2
oraclelinux 1
fedora 4
f5 1
redhat 1
centos 1
cve 16
rosalinux 1
debiancve 4
redhatcve 16
ubuntucve 11
prion 18
mariadbunix 4
alpinelinux 4
veracode 10
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0170
2018-08-02 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0079
2018-08-01 00:00:00
Important Photon OS Security Update - PHSA-2018-0079
2018-08-01 00:00:00
nessus
nessus
Photon OS 2.0: Mysql PHSA-2018-2.0-0079
2019-02-07 00:00:00
Photon OS 1.0: Mysql PHSA-2018-1.0-0170
2019-02-07 00:00:00
Photon OS 1.0: Mysql PHSA-2018-1.0-0170 (deprecated)
2018-08-17 00:00:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL
2019-02-12 21:20:01
freebsd
freebsd
MySQL -- multiple vulnerabilities
2018-07-17 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2018-07-30 00:00:00
MySQL vulnerabilities
2018-07-30 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3725-1)
2018-07-31 00:00:00
Oracle MySQL Security Update (cpujul2018 - 01) - Windows
2018-07-18 00:00:00
Oracle MySQL Security Update (cpujul2018 - 01) - Linux
2018-07-18 00:00:00
amazon
amazon
Medium: mysql57
2018-08-22 19:35:00
Medium: mysql55
2018-08-22 19:33:00
Medium: mysql56
2018-08-22 19:34:00
mageia
mageia
Updated mariadb packages fix security vulnerability
2018-09-01 00:11:59
Updated mariadb packages fix security vulnerabilities
2018-08-12 23:39:12
altlinux
altlinux
Security fix for the ALT Linux 9 package mariadb version 10.3.9-alt1
2018-08-19 00:00:00
Security fix for the ALT Linux 8 package mariadb version 10.1.35-alt1
2018-08-20 00:00:00
osv
osv
mariadb-10.0 - security update
2018-08-31 00:00:00
mysql-5.5 - security update
2018-11-05 00:00:00
CVE-2018-3082
2018-07-18 13:29:08
debian
debian
[SECURITY] [DLA 1488-1] mariadb-10.0 security update
2018-08-31 22:01:19
[SECURITY] [DLA 1566-1] mysql-5.5 security update
2018-11-05 18:06:29
suse
suse
Security update for mysql-community-server (moderate)
2018-08-10 03:13:38
Security update for mariadb (important)
2019-03-14 00:00:00
oraclelinux
oraclelinux
mariadb security and bug fix update
2019-08-13 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: community-mysql-5.7.23-1.fc28
2018-09-11 17:01:28
[SECURITY] Fedora 27 Update: community-mysql-5.7.23-1.fc27
2018-09-11 14:56:36
[SECURITY] Fedora 27 Update: mariadb-10.2.17-1.fc27
2018-08-31 20:04:41
f5
f5
K53756439 : MySQL vulnerabilities CVE-2018-2767, CVE-2018-3063, CVE-2017-3653, and CVE-2018-3066
2022-01-18 00:00:00
redhat
redhat
(RHSA-2019:2327) Moderate: mariadb security and bug fix update
2019-08-06 08:25:40
centos
centos
mariadb security update
2019-08-30 03:38:17
cve
cve
CVE-2018-2598
2018-07-18 13:29:00
CVE-2018-3060
2018-07-18 13:29:00
CVE-2018-3066
2018-07-18 13:29:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2251
2023-10-21 14:46:06
debiancve
debiancve
CVE-2018-2598
2018-07-18 13:29:00
CVE-2018-3066
2018-07-18 13:29:00
CVE-2018-3063
2018-07-18 13:29:00
redhatcve
redhatcve
CVE-2018-3054
2018-07-18 10:10:50
CVE-2018-3073
2018-07-18 10:09:07
CVE-2018-3060
2018-07-18 10:14:55
ubuntucve
ubuntucve
CVE-2018-3054
2018-07-18 00:00:00
CVE-2018-2598
2018-07-18 00:00:00
CVE-2018-3060
2018-07-18 00:00:00
prion
prion
Design/Logic Flaw
2018-07-18 13:29:00
Code injection
2018-07-18 13:29:00
Design/Logic Flaw
2018-07-18 13:29:00
mariadbunix
mariadbunix
CVE-2018-3063
2018-07-18 13:29:00
CVE-2018-3066
2018-07-18 13:29:00
CVE-2018-3060
2018-07-18 13:29:00
alpinelinux
alpinelinux
CVE-2018-3066
2018-07-18 13:29:00
CVE-2018-3060
2018-07-18 13:29:00
CVE-2018-3063
2018-07-18 13:29:00
veracode
veracode
Privilege Escalation
2019-05-16 03:22:40
Privilege Escalation
2019-05-16 03:22:41
Denial Of Service (DoS)
2019-05-16 03:22:40

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.004 Low

EPSS

Percentile

74.7%

JSON
Related for DEA3C6C60F381F5571B757E482ADE591EE2EB3B3F0E4661AE75F1ABE40BAD02E
photon4nessus42ibm1freebsd1ubuntu2openvas27amazon4mageia2altlinux2osv18debian2suse2oraclelinux1fedora4f51redhat1centos1cve16rosalinux1debiancve4redhatcve16ubuntucve11prion18mariadbunix4alpinelinux4veracode10