CVE-2018-2562

Published: Jan 18, 2018Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Exploitability: 2.8 / Impact: 4.2

Source: NVD

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

Affected (27)

Products: Oracle: Mysql · Mariadb: Mariadb · Debian: Debian Linux · +3 more

Show all products

1 product

1 product

1 product

1 product

4 products

Active Iq Unified Manager

Oncommand Insight

Oncommand Workflow Automation

7 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Oracle Mysql	From 5.5.0 to 5.5.58
Oracle Mysql	From 5.6.0 to 5.6.38
Oracle Mysql	From 5.7.0 to 5.7.19

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Mariadb Mariadb	From 10.0.0 to 10.0.34
Mariadb Mariadb	From 10.1.0 to 10.1.31
Mariadb Mariadb	From 10.2.0 to 10.2.13
Mariadb Mariadb	From 5.5.0 to 5.5.59

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04

Configuration E

5 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	From 9.5
Netapp Active Iq Unified Manager	From 7.3
Netapp Oncommand Insight	All versions
Netapp Oncommand Workflow Automation	All versions
Netapp Snapcenter	All versions

Configuration F

10 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Eus	Version 7.5
Redhat Enterprise Linux Eus	Version 7.6
Redhat Enterprise Linux Eus	Version 7.7
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Aus	Version 7.7
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.7
Redhat Enterprise Linux Workstation	Version 7.0

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 12

References (28)

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Source: secalert_us@oracle.com

PatchVendor Advisory

http://www.securityfocus.com/bid/102713

Source: secalert_us@oracle.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040216

Source: secalert_us@oracle.com

Broken LinkThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:0587

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2439

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2729

Source: secalert_us@oracle.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1258

Source: secalert_us@oracle.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html

Source: secalert_us@oracle.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html

Source: secalert_us@oracle.com

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20180117-0002/

Source: secalert_us@oracle.com

Third Party Advisory

https://usn.ubuntu.com/3537-1/

Source: secalert_us@oracle.com

Broken Link

https://usn.ubuntu.com/3537-2/

Source: secalert_us@oracle.com

Third Party Advisory

https://www.debian.org/security/2018/dsa-4091

Source: secalert_us@oracle.com

Third Party Advisory

https://www.debian.org/security/2018/dsa-4341

Source: secalert_us@oracle.com

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/102713

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040216

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:0587

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2439

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2729

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1258

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20180117-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3537-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://usn.ubuntu.com/3537-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2018/dsa-4091

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2018/dsa-4341

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.