Lucene search

[email protected]NVD:CVE-2019-2513

HistoryJan 16, 2019 - 7:30 p.m.

CVE-2019-2513

2019-01-1619:30:35

[email protected]

web.nvd.nist.gov

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:N/A:N

CVSS3

2.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

17.6%

JSON

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N).

Affected configurations

Nvd

Node

oraclemysqlRange8.0.0–8.0.13

Node

netapponcommand_unified_managerRange7.3–9.5vsphere

netapponcommand_unified_managerRange7.3–9.5windows

netapponcommand_workflow_automationMatch-

netappsnapcenterMatch-

netappstorage_automation_storeMatch-

VendorProductVersionCPE
oraclemysql*cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
netapponcommand_unified_manager*cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
netapponcommand_unified_manager*cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
netapponcommand_workflow_automation-cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
netappsnapcenter-cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
netappstorage_automation_store-cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	mysql	*	cpe:2.3:a:oracle:mysql::::::::
netapp	oncommand_unified_manager	*	cpe:2.3:a:netapp:oncommand_unified_manager::::::vsphere::*
netapp	oncommand_unified_manager	*	cpe:2.3:a:netapp:oncommand_unified_manager::::::windows::*
netapp	oncommand_workflow_automation	-	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
netapp	snapcenter	-	cpe:2.3:a:netapp:snapcenter:-:::::::*
netapp	storage_automation_store	-	cpe:2.3:a:netapp:storage_automation_store:-:::::::*