Vulnerability CVE-2014-4258


Published: 2014-07-17

Description:
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Vmware -> Vcenter server appliance 
Oracle -> Mysql 
Oracle -> Solaris 
Opensuse project -> Suse linux enterprise desktop 
Opensuse project -> Suse linux enterprise server 
Opensuse project -> Suse linux enterprise software development kit 
Mysql -> Mysql 
Debian -> Debian linux 

 References:
http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/60425
http://www.debian.org/security/2014/dsa-2985
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/68564
http://www.securitytracker.com/id/1030578
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/94620

Copyright 2024, cxsecurity.com

 

Back to Top