Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.MYSQL_5_7_37.NASL
HistoryJan 20, 2022 - 12:00 a.m.

Oracle MySQL Server (Jan 2022 CPU)

2022-01-2000:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
59

6.3 Medium

AI Score

Confidence

High

JSON

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January and October 2022 CPU advisories.

  • Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21367)

  • Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21344)

  • Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21304)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(156907);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/20");

  script_cve_id(
    "CVE-2021-22946",
    "CVE-2022-21245",
    "CVE-2022-21270",
    "CVE-2022-21303",
    "CVE-2022-21304",
    "CVE-2022-21344",
    "CVE-2022-21367",
    "CVE-2022-21595"
  );

  script_name(english:"Oracle MySQL Server (Jan 2022 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the
January and October 2022 CPU advisories.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported
    versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability
    allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to
    some of MySQL Server accessible data. (CVE-2022-21367)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported
    versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability
    allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently
    repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21344)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions
    that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high
    privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful
    attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable
    crash (complete DOS) of MySQL Server. (CVE-2022-21304)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/a/tech/docs/cpujan2022cvrf.xml");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujan2022.html");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/a/tech/docs/cpuoct2022cvrf.xml");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuoct2022.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to MySQL version 8.0.37 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-21367");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-22946");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/01/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/01/20");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:mysql");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_version.nasl", "mysql_login.nasl");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/mysql", 3306);

  exit(0);
}

include('mysql_version.inc');

mysql_check_version(fixed:'5.7.37', min:'5.7', severity:SECURITY_WARNING);
VendorProductVersionCPE
oraclemysqlcpe:/a:oracle:mysql

Related

osv 18
nessus 39
openvas 34
ubuntu 6
photon 10
fedora 3
cbl_mariner 14
debiancve 8
prion 8
cve 8
ubuntucve 8
cnvd 5
redhatcve 8
veracode 8
mariadbunix 1
alpinelinux 1
hackerone 1
ibm 2
cloudfoundry 2
freebsd 2
oraclelinux 1
suse 2
redhat 3
debian 1
rocky 1
almalinux 1
amazon 2
slackware 1
mageia 1
osv
osv
mysql-5.7 vulnerabilities
2022-02-03 15:35:00
CVE-2022-21245
2022-01-19 12:15:10
BIT-mysql-client-2022-21595
2024-03-06 11:04:54
nessus
nessus
Ubuntu 16.04 ESM : MySQL vulnerabilities (USN-5270-2)
2022-02-04 00:00:00
Oracle MySQL Server (Jan 2022 CPU)
2022-01-20 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : MySQL vulnerabilities (USN-5270-1)
2022-02-03 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5270-2)
2022-08-26 00:00:00
Oracle MySQL Server <= 5.7.36 / 8.0 <= 8.0.27 Security Update (cpujan2022) - Linux
2022-01-19 00:00:00
Oracle MySQL Server <= 5.7.36 / 8.0 <= 8.0.27 Security Update (cpujan2022) - Windows
2022-01-19 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2022-02-03 00:00:00
MySQL vulnerabilities
2022-02-03 00:00:00
curl vulnerabilities
2021-09-15 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0436
2022-02-03 00:00:00
Critical Photon OS Security Update - PHSA-2022-0467
2022-02-04 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0301
2021-09-17 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: community-mysql-8.0.28-1.fc35
2022-04-13 15:45:18
[SECURITY] Fedora 34 Update: community-mysql-8.0.28-1.fc34
2022-04-13 15:50:13
[SECURITY] Fedora 35 Update: curl-7.79.1-1.fc35
2021-11-03 01:12:29
cbl_mariner
cbl_mariner
CVE-2022-21245 affecting package mysql 8.0.24-1
2022-04-09 06:53:03
CVE-2022-21245 affecting package mysql 8.0.27-2
2022-02-08 03:14:35
CVE-2022-21303 affecting package mysql 8.0.27-2
2022-02-08 03:14:35
debiancve
debiancve
CVE-2022-21245
2022-01-19 12:15:00
CVE-2022-21270
2022-01-19 12:15:00
CVE-2022-21303
2022-01-19 12:15:00
prion
prion
Code injection
2022-01-19 12:15:00
Code injection
2022-01-19 12:15:00
Code injection
2022-01-19 12:15:00
cve
cve
CVE-2022-21270
2022-01-19 12:15:00
CVE-2022-21245
2022-01-19 12:15:00
CVE-2022-21595
2022-10-18 21:15:00
ubuntucve
ubuntucve
CVE-2022-21270
2022-01-19 00:00:00
CVE-2022-21245
2022-01-19 00:00:00
CVE-2022-21303
2022-01-19 00:00:00
cnvd
cnvd
Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09135)
2022-02-03 00:00:00
Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09144)
2022-02-03 00:00:00
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2022-17681)
2022-02-25 00:00:00
redhatcve
redhatcve
CVE-2022-21270
2022-01-21 17:12:32
CVE-2022-21367
2022-01-21 17:11:54
CVE-2022-21304
2022-01-21 17:12:43
veracode
veracode
Denial Of Service (DoS)
2022-11-10 00:27:42
Privilege Escalation
2022-11-10 00:27:06
Denial Of Service (DoS)
2022-11-23 00:45:28
mariadbunix
mariadbunix
CVE-2022-21595
2022-10-18 21:15:00
alpinelinux
alpinelinux
CVE-2021-22946
2021-09-29 20:15:00
hackerone
hackerone
curl: CVE-2021-22946: Protocol downgrade required TLS bypassed
2021-09-09 00:34:37
ibm
ibm
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - curl (CVE-2021-22946)
2022-04-22 20:04:20
Security Bulletin: IBM MQ is vulnerable to multiple issues with libcurl (CVE-2021-22946, CVE-2021-22947)
2021-12-17 13:33:37
cloudfoundry
cloudfoundry
USN-5270-1: MySQL vulnerabilities | Cloud Foundry
2022-03-10 00:00:00
USN-5079-1: curl vulnerabilities | Cloud Foundry
2021-10-28 00:00:00
freebsd
freebsd
MySQL -- Multiple vulnerabilities
2022-01-18 00:00:00
cURL -- Multiple vulnerabilities
2021-09-15 00:00:00
oraclelinux
oraclelinux
curl security update
2021-11-02 00:00:00
suse
suse
Security update for curl (moderate)
2021-10-18 00:00:00
Security update for curl (moderate)
2021-10-06 00:00:00
redhat
redhat
(RHSA-2021:4059) Moderate: curl security update
2021-11-02 07:49:01
(RHSA-2022:0635) Moderate: curl security update
2022-02-22 14:34:54
(RHSA-2022:1354) Moderate: rh-dotnet31-curl security update
2022-04-13 13:42:42
debian
debian
[SECURITY] [DLA 2773-1] curl security update
2021-09-30 21:58:49
rocky
rocky
curl security update
2021-11-02 07:49:01
almalinux
almalinux
Moderate: curl security update
2021-11-02 07:49:01
amazon
amazon
Medium: curl
2021-11-10 22:13:00
Medium: curl
2021-12-08 02:22:00
slackware
slackware
[slackware-security] curl
2021-09-16 03:11:12
mageia
mageia
Updated curl packages fix security vulnerability
2021-09-23 07:49:29

6.3 Medium

AI Score

Confidence

High

JSON
Related for MYSQL_5_7_37.NASL
osv18nessus39openvas34ubuntu6photon10fedora3cbl_mariner14debiancve8prion8cve8ubuntucve8cnvd5redhatcve8veracode8mariadbunix1alpinelinux1hackerone1ibm2cloudfoundry2freebsd2oraclelinux1suse2redhat3debian1rocky1almalinux1amazon2slackware1mageia1