6.4 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
3.8 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:M/Au:S/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
45.3%
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Server: Connection Handling). Supported versions that are affected are
5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to
exploit vulnerability allows low privileged attacker with access to the
physical communication segment attached to the hardware where the MySQL
Server executes to compromise MySQL Server. Successful attacks of this
vulnerability can result in unauthorized access to critical data or
complete access to all MySQL Server accessible data and unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability
impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).
Author | Note |
---|---|
leosilva | there is no way to update mysql-5.5 through upstream marking it deferred 2019-10-03 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | mariadb-10.0 | < 10.0.38-0ubuntu0.16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | mariadb-10.1 | < 1:10.1.38-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 18.10 | noarch | mariadb-10.1 | < 1:10.1.38-0ubuntu0.18.10.2 | UNKNOWN |
ubuntu | 14.04 | noarch | mariadb-5.5 | < 5.5.63-1ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | mysql-5.7 | < 5.7.25-0ubuntu0.18.04.2 | UNKNOWN |
ubuntu | 18.10 | noarch | mysql-5.7 | < 5.7.25-0ubuntu0.18.10.2 | UNKNOWN |
ubuntu | 19.04 | noarch | mysql-5.7 | < 5.7.25-1 | UNKNOWN |
ubuntu | 16.04 | noarch | mysql-5.7 | < 5.7.25-0ubuntu0.16.04.2 | UNKNOWN |
ubuntu | 16.04 | noarch | percona-server-5.6 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | percona-xtradb-cluster-5.6 | < any | UNKNOWN |
6.4 Medium
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
3.8 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:M/Au:S/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
45.3%