Vulnerabilities > CVE-2019-2922

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
oracle
canonical
netapp
nessus

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Vulnerable Configurations

Part Description Count
Application
Oracle
78
Application
Netapp
5
OS
Canonical
4

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4195-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-28.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html https://www.oracle.com/security-alerts/cpuoct2019.html Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131161
    published2019-11-20
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131161
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : mysql-5.7, mysql-8.0 vulnerabilities (USN-4195-1)
  • NASL familyDatabases
    NASL idMYSQL_5_6_46.NASL
    descriptionThe version of MySQL running on the remote host is 5.6.x prior to 5.6.46. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the October 2019 Critical Patch Update advisory: - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2794) - Vulnerabilities in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Easily exploitable vulnerabilities allow unauthenticated attackers with network access via multiple protocols to compromise MySQL Server. Successful exploitation of these vulnerabilities can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2019-2923, CVE-2019-2924) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-04-18
    modified2019-10-18
    plugin id130025
    published2019-10-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130025
    titleMySQL 5.6.x < 5.6.46 Multiple Vulnerabilities (Oct 2019 CPU)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_FC91F2EFFD7B11E9A1C7B499BAEBFEAF.NASL
    descriptionOracle reports : This Critical Patch Update contains 31 new security fixes for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
    last seen2020-06-01
    modified2020-06-02
    plugin id130496
    published2019-11-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130496
    titleFreeBSD : MySQL -- Multiple vulerabilities (fc91f2ef-fd7b-11e9-a1c7-b499baebfeaf)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0284_MYSQL.NASL
    descriptionAn update of the mysql package has been released.
    last seen2020-03-27
    modified2020-03-24
    plugin id134835
    published2020-03-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134835
    titlePhoton OS 1.0: Mysql PHSA-2020-1.0-0284
  • NASL familyDatabases
    NASL idMYSQL_5_7_28.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.28. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the October 2019 Critical Patch Update advisory: - Vulnerabilities in the MySQL Server product of Oracle MySQL (component: Server: Optimizer and PS). Easily exploitable vulnerabilities which allow low privileged attackers with network access via multiple protocols to compromise MySQL Server. Successful exploitation of these vulnerabilities can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2946, CVE-2019-2974) - A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl
    last seen2020-05-08
    modified2019-10-18
    plugin id130026
    published2019-10-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130026
    titleMySQL 5.7.x < 5.7.28 Multiple Vulnerabilities (Oct 2019 CPU)