CVE-2019-2632

Published: Apr 23, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected (6)

Products: Oracle: Mysql · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Mysql	From 5.7.0 to 5.7.25
Oracle Mysql	From 8.0.0 to 8.0.15

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 18.10
Canonical Ubuntu Linux	Version 19.04

References (6)

http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: secalert_us@oracle.com

PatchVendor Advisory

https://support.f5.com/csp/article/K32798641

Source: secalert_us@oracle.com

Third Party Advisory

https://usn.ubuntu.com/3957-1/

Source: secalert_us@oracle.com

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://support.f5.com/csp/article/K32798641

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3957-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.