Vulnerability CVE-2019-2537

Vulnerability CVE-2019-2537

Published: 2019-01-16

Description:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Type:

CWE-284

(Improper Access Control)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4/10	2.9/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
None	None	Partial

Affected software
Oracle -> Mysql
Netapp -> Oncommand workflow automation
Netapp -> Snapcenter
Netapp -> Storage automation store
Debian -> Debian linux
Canonical -> Ubuntu linux

References:

http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

http://www.securityfocus.com/bid/106619

https://access.redhat.com/errata/RHSA-2019:1258

https://lists.debian.org/debian-lts-announce/2019/02/msg00000.html

https://security.netapp.com/advisory/ntap-20190118-0002/

https://usn.ubuntu.com/3867-1/

Copyright 2024, cxsecurity.com