Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-2822
HistoryJul 23, 2019 - 12:00 a.m.

CVE-2019-2822

2019-07-2300:00:00
ubuntu.com
ubuntu.com
18
mysql server
oracle
vulnerability
unauthenticated
takeover
compromise
cvss 3.0
confidentiality
integrity
availability

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.3%

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent:
Shell: Admin / InnoDB Cluster). Supported versions that are affected are
8.0.16 and prior. Difficult to exploit vulnerability allows unauthenticated
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks require human interaction from a person other
than the attacker. Successful attacks of this vulnerability can result in
takeover of MySQL Server. CVSS 3.0 Base Score 7.5 (Confidentiality,
Integrity and Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

Notes

Author Note
mdeslaur 8.x only

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.3%