CVE-2019-2503 - Improper Access Control

Severity

38%

Complexity

44%

Confidentiality

81%

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).

CVSS 3.0 Base Score 6.4. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).

CVSS 2.0 Base Score 3.8. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: medium. CVSS Vector: (AV:A/AC:M/Au:S/C:P/I:N/A:P).

Overview

First reported 6 years ago

2019-01-16 19:30:00

Last updated 5 years ago

2019-05-21 22:29:00

Affected Software

Oracle MySQL -

References

http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Patch, Vendor Advisory

106626

Third Party Advisory, VDB Entry

RHSA-2019:1258

RHSA-2019:2327

RHSA-2019:2484

RHSA-2019:2511

https://security.netapp.com/advisory/ntap-20190118-0002/

USN-3867-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.