CVSS2: 7.2 High

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |

Blue Coat products using affected versions of MySQL 5.5 and 5.6 are susceptible to multiple vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary code and gain unauthorized read, insert, update, or delete access to subsets of MySQL Server accessible data. The attacker can also cause denial of service through application crashes.
CVE | Affected Version(s) | Remediation |
---|---|---|
CVE-2015-4792, CVE-2015-4800, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4864, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913 | 4.2 | Upgrade to 4.2.8. |
DLP
Please contact Digital Guardian technical support regarding vulnerability information for DLP.
The following products are not vulnerable:
Advanced Secure Gateway
Android Mobile Agent
AuthConnector
BCAAA
Blue Coat HSM Agent for the Luna SP
CacheFlow
Client Connector
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
Content Analysis System
Director
General Auth Connector Login Application
IntelligenceCenter
IntelligenceCenter Data Collector
K9
Mail Threat Defense
Management Center
Norman Shark Industrial Control System Protection
Norman Shark Network Protection
Norman Shark SCADA Protection
PacketShaper
PacketShaper S-Series
PolicyCenter
PolicyCenter S-Series
ProxyClient
ProxyAV
ProxyAV ConLog and ConLogXP
ProxySG
Reporter
Security Analytics
SSL Visibility
Unified Agent
X-Series XOS
Severity / CVSSv2 | References | Impact | Description |
---|---|---|---|
Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77199 / NVD: CVE-2015-4730 | Denial of service | A flaw in the Server: Types sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Low / 1.9 (AV:L/AC:M/Au:N/C:N/I:N/A:P) | SecurityFocus: BID 77232 / NVD: CVE-2015-4766 | Denial of service | A flaw in the Server: Security: Firewall sub-component allows a local attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Low / 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77213 / NVD: CVE-2015-4791 | Denial of service | A flaw in the Server: Security: Privileges sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Low / 1.7 (AV:N/AC:H/Au:M/C:N/I:N/A:P) | SecurityFocus: BID 77171 / NVD: CVE-2015-4792 | Denial of service | A flaw in the Server: Partition sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77216 / NVD: CVE-2015-4800 | Denial of service | A flaw in the Server: Optimizer sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77165 / NVD: CVE-2015-4802 | Denial of service | A flaw in the Server: Partition sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Low / 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77205 / NVD: CVE-2015-4807 | Denial of service | A flaw in the Server: Query Cache sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77222 / NVD: CVE-2015-4815 | Denial of service | A flaw in the Server: DDL sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77134 / NVD: CVE-2015-4816 | Denial of service | A flaw in the Server: InnoDB sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
High / 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) | SecurityFocus: BID 77196 / NVD: CVE-2015-4819 | Code execution | A flaw in the Client programs sub-component allows a local attacker to execute arbitrary code. |
Medium / 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) | SecurityFocus: BID 77237 / NVD: CVE-2015-4826 | Information disclosure | A flaw in the Server: Types sub-component allows a remote authenticated attacker to gain unauthorized read access to a subset of data. |
Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N) | SecurityFocus: BID 77228 / NVD: CVE-2015-4830 | Unauthorized modification of data | A flaw in the Server: Security: Privileges sub-component allows a remote authenticated attacker to gain unauthorized update, insert, or delete access to a subset of data. |
Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77170 / NVD: CVE-2015-4833 | Denial of service | A flaw in the Server: Partition sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Low / 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P) | SecurityFocus: BID 77190 / NVD: CVE-2015-4836 | Denial of service | A flaw in the Server: SP sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77145 / NVD: CVE-2015-4858 | Denial of service | A flaw in the Server: DML sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Low / 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77137 / NVD: CVE-2015-4861 | Denial of service | A flaw in the Server: InnoDB sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77147 / NVD: CVE-2015-4862 | Denial of service | A flaw in the Server: DML sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Low / 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N) | SecurityFocus: BID 77187 / NVD: CVE-2015-4864 | Unauthorized modification of data | A flaw in the Server: Security: Privileges sub-component allows a remote authenticated attacker to gain unauthorized update, insert, or delete access to a subset of data. |
Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77132 / NVD: CVE-2015-4866 | Denial of service | A flaw in the Server: InnoDB sub-component allows a remote authenticated attacker to cause the server to hang or repeatedly crash, resulting in denial of service. |
Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77208 / NVD: CVE-2015-4870 | Denial of service | A flaw in the Server: Parser sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Medium / 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P) | SecurityFocus: BID 77140 / NVD: CVE-2015-4879 | Code execution | A flaw in the Server: DML sub-component allows a remote authenticated attacker to take over MySQL Server and possibly execute arbitrary code. |
Low / 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77231 / NVD: CVE-2015-4890 | Denial of service | A flaw in the Server: Replication sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Low / 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77136 / NVD: CVE-2015-4895 | Denial of service | A flaw in the Server: InnoDB sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77219 / NVD: CVE-2015-4904 | Denial of service | A flaw in the libmysqld sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Medium / 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77143 / NVD: CVE-2015-4905 | Denial of service | A flaw in the Server: DML sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Low / 2.1 (AV:N/AC:H/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77234 / NVD: CVE-2015-4910 | Denial of service | A flaw in the Server: Memcached sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
Low / 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P) | SecurityFocus: BID 77153 / NVD: CVE-2015-4913 | Denial of service | A flaw in the Server: DML sub-component allows a remote authenticated attacker to cause the server application to hang or repeatedly crash, resulting in denial of service. |
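
The scores and severities in the entries above can be recomputed from their CVSSv2 vectors, which is a quick way to catch a transcription error when importing an advisory into a tracker. The following is an added example, not part of the original advisory: it applies the public CVSS v2 base equations, assumes the Low/Medium/High bands used by NVD for v2, and uses one entry per distinct vector copied from the entries above; the function names are illustrative.

```python
from decimal import Decimal, ROUND_HALF_UP

# Metric weights from the CVSS v2 specification (base metrics only).
_CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": _CIA, "I": _CIA, "A": _CIA,
}

def parse_vector(vector):
    """Map 'AV:N/AC:L/...' to metric weights; missing or extra metrics raise."""
    parts = dict(item.split(":", 1) for item in vector.strip("()").split("/"))
    if set(parts) != set(WEIGHTS):
        raise ValueError(f"expected metrics {sorted(WEIGHTS)}, got {sorted(parts)}")
    return {metric: WEIGHTS[metric][value] for metric, value in parts.items()}

def base_score(vector):
    w = parse_vector(vector)
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    f_impact = 0 if impact == 0 else 1.176
    raw = (0.6 * impact + 0.4 * exploitability - 1.5) * f_impact
    return float(Decimal(repr(raw)).quantize(Decimal("0.1"), ROUND_HALF_UP))

def severity(score):
    # NVD bands for CVSS v2: Low 0.0-3.9, Medium 4.0-6.9, High 7.0-10.0
    return "Low" if score < 4.0 else "Medium" if score < 7.0 else "High"

# (CVE, listed severity, listed score, vector), copied from the entries above.
LISTED = [
    ("CVE-2015-4819", "High", 7.2, "AV:L/AC:L/Au:N/C:C/I:C/A:C"),
    ("CVE-2015-4879", "Medium", 4.6, "AV:N/AC:H/Au:S/C:P/I:P/A:P"),
    ("CVE-2015-4730", "Medium", 4.0, "AV:N/AC:L/Au:S/C:N/I:N/A:P"),
    ("CVE-2015-4864", "Low", 3.5, "AV:N/AC:M/Au:S/C:N/I:P/A:N"),
    ("CVE-2015-4836", "Low", 2.8, "AV:N/AC:M/Au:M/C:N/I:N/A:P"),
    ("CVE-2015-4910", "Low", 2.1, "AV:N/AC:H/Au:S/C:N/I:N/A:P"),
    ("CVE-2015-4766", "Low", 1.9, "AV:L/AC:M/Au:N/C:N/I:N/A:P"),
    ("CVE-2015-4792", "Low", 1.7, "AV:N/AC:H/Au:M/C:N/I:N/A:P"),
]

def mismatches(entries):
    """Return (cve, listed, computed) where the listing disagrees with its vector."""
    return [(cve, score, got) for cve, sev, score, vec in entries
            if (got := base_score(vec)) != score or severity(got) != sev]
```

`mismatches(LISTED)` returns an empty list when every listed score and severity agrees with its vector.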
Oracle Critical Patch Update Advisory (October 2015) - <https://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL>
2016-11-01 Vulnerability inquiries for DLP should be addressed to Digital Guardian technical support. SA status moved to Final.
2016-06-11 PolicyCenter S-Series is not vulnerable.
2016-05-11 No Cloud Data Protection products are vulnerable.
2016-04-24 Mail Threat Defense is not vulnerable.
2016-03-10 A fix for MAA 4.2 is available in 4.2.8. It was previously reported that MAA 4.2 is vulnerable to CVE-2015-4730, CVE-2015-4766, CVE-2015-4791, CVE-2015-4807, CVE-2015-4833, CVE-2015-4862, CVE-2015-4866, CVE-2015-4890, CVE-2015-4895, CVE-2015-4904, CVE-2015-4905, and CVE-2015-4910. Further investigation has shown that MAA 4.2 is not vulnerable to those CVEs.
2015-12-17 Initial public release.
CPE

Name | Operator | Version |
---|---|---|
malware analysis appliance | eq | 4 |