Veracode Vulnerability DatabaseVERACODE:18377Privilege Escalation
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
Oracle MySQL is vulnerable to privilege escalation attacks. A remote, authenticated attacker could insert malicious input leading to the exploitation of the flawed Client programs component to gain elevated privileges. Successful attacks could result in unauthorized access to critical data or complete access to all MySQL Server accessible data.
References
www.debian.org/security/2017/dsa-4002
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
www.securityfocus.com/bid/101415
www.securitytracker.com/id/1039597
access.redhat.com/errata/RHSA-2017:3265
access.redhat.com/errata/RHSA-2017:3442
access.redhat.com/errata/RHSA-2018:0279
access.redhat.com/errata/RHSA-2018:0574
access.redhat.com/errata/RHSA-2018:2439
access.redhat.com/errata/RHSA-2018:2729
access.redhat.com/security/updates/classification/#important
dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-38.html
security.netapp.com/advisory/ntap-20171019-0002/
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N