Vulnerabilities > CVE-2019-2969

CVSS 6.2 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

oracle

canonical

netapp

nessus

NVD

Published: 2019-10-16

Updated: 2023-01-31

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Mysql 8.0.0 Oracle Mysql 8.0.1 Oracle Mysql 8.0.2 Oracle Mysql 8.0.3 Oracle Mysql 8.0.4 Oracle Mysql 8.0.5 Oracle Mysql 8.0.10 Oracle Mysql 8.0.11 Oracle Mysql 8.0.12 Oracle Mysql 8.0.13 Oracle Mysql 8.0.14 Oracle Mysql 8.0.15 Oracle Mysql 8.0.16 Oracle Mysql 5.7.0 Oracle Mysql 5.7.1 Oracle Mysql 5.7.2 Oracle Mysql 5.7.3 Oracle Mysql 5.7.4 Oracle Mysql 5.7.5 Oracle Mysql 5.7.6 Oracle Mysql 5.7.7 Oracle Mysql 5.7.8 Oracle Mysql 5.7.9 Oracle Mysql 5.7.10 Oracle Mysql 5.7.11 Oracle Mysql 5.7.12 Oracle Mysql 5.7.13 Oracle Mysql 5.7.14 Oracle Mysql 5.7.15 Oracle Mysql 5.7.16 Oracle Mysql 5.7.17 Oracle Mysql 5.7.18 Oracle Mysql 5.7.19 Oracle Mysql 5.7.20 Oracle Mysql 5.7.21 Oracle Mysql 5.7.22 Oracle Mysql 5.7.23 Oracle Mysql 5.7.24 Oracle Mysql 5.7.25 Oracle Mysql 5.7.26 Oracle Mysql 5.6.0 Oracle Mysql 5.6.1 Oracle Mysql 5.6.2 Oracle Mysql 5.6.3 Oracle Mysql 5.6.4 Oracle Mysql 5.6.5 Oracle Mysql 5.6.6 Oracle Mysql 5.6.7 Oracle Mysql 5.6.8 Oracle Mysql 5.6.9 Oracle Mysql 5.6.10 Oracle Mysql 5.6.11 Oracle Mysql 5.6.12 Oracle Mysql 5.6.13 Oracle Mysql 5.6.14 Oracle Mysql 5.6.15 Oracle Mysql 5.6.16 Oracle Mysql 5.6.17 Oracle Mysql 5.6.18 Oracle Mysql 5.6.19 Oracle Mysql 5.6.20 Oracle Mysql 5.6.21 Oracle Mysql 5.6.22 Oracle Mysql 5.6.23 Oracle Mysql 5.6.24 Oracle Mysql 5.6.25 Oracle Mysql 5.6.26 Oracle Mysql 5.6.27 Oracle Mysql 5.6.28 Oracle Mysql 5.6.29 Oracle Mysql 5.6.30 Oracle Mysql 5.6.31 Oracle Mysql 5.6.32 Oracle Mysql 5.6.33 Oracle Mysql 5.6.34 Oracle Mysql 5.6.35 Oracle Mysql 5.6.36 Oracle Mysql 5.6.37 Oracle Mysql 5.6.38 Oracle Mysql 5.6.39 Oracle Mysql 5.6.40 Oracle Mysql 5.6.41 Oracle Mysql 5.6.42 Oracle Mysql 5.6.43 Oracle Mysql 5.6.44	89
Application	Netapp Netapp Snapcenter - Netapp Oncommand Workflow Automation - Netapp Oncommand Insight - Netapp Active IQ Unified Manager -	5
OS	Canonical Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 19.04 Canonical Ubuntu Linux 19.10 Canonical Ubuntu Linux 16.04	4

Nessus

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-2511.NASL
description	An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: mysql (8.0.17). Security Fix(es) : * mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755) * mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834) * mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805) * mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592) * mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789) * mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644) * mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814) * mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503) * mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587) * mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752) * mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536) * mysql: Server: Connection unspecified vulnerability (CVE-2019-2539) * mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631) * mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636) * mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826) * mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737) * mysql: Server: XML unspecified vulnerability (CVE-2019-2740) * mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780) * mysql: Server: DML unspecified vulnerability (CVE-2019-2784) * mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795) * mysql: Client programs unspecified vulnerability (CVE-2019-2797) * mysql: Server: FTS unspecified vulnerability (CVE-2019-2801) * mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819) * mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-05-23
modified	2019-08-20
plugin id	127991
published	2019-08-20
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127991
title	RHEL 8 : mysql:8.0 (RHSA-2019:2511)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4195-1.NASL
description	Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.18 in Ubuntu 19.10. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.28. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-28.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-18.html https://www.oracle.com/security-alerts/cpuoct2019.html Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	131161
published	2019-11-20
reporter	Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131161
title	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : mysql-5.7, mysql-8.0 vulnerabilities (USN-4195-1)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2019-2511.NASL
description	From Red Hat Security Advisory 2019:2511 : An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: mysql (8.0.17). Security Fix(es) : * mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755) * mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834) * mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805) * mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592) * mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789) * mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644) * mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814) * mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503) * mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587) * mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752) * mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536) * mysql: Server: Connection unspecified vulnerability (CVE-2019-2539) * mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631) * mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636) * mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826) * mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737) * mysql: Server: XML unspecified vulnerability (CVE-2019-2740) * mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780) * mysql: Server: DML unspecified vulnerability (CVE-2019-2784) * mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795) * mysql: Client programs unspecified vulnerability (CVE-2019-2797) * mysql: Server: FTS unspecified vulnerability (CVE-2019-2801) * mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819) * mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	127983
published	2019-08-20
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127983
title	Oracle Linux 8 : mysql:8.0 (ELSA-2019-2511)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_FC91F2EFFD7B11E9A1C7B499BAEBFEAF.NASL
description	Oracle reports : This Critical Patch Update contains 31 new security fixes for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
last seen	2020-06-01
modified	2020-06-02
plugin id	130496
published	2019-11-04
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130496
title	FreeBSD : MySQL -- Multiple vulerabilities (fc91f2ef-fd7b-11e9-a1c7-b499baebfeaf)

NASL family	Databases
NASL id	MYSQL_5_7_27_JULY.NASL
description	The version of MySQL running on the remote host is 5.7.x prior to 5.7.27. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the July 2019 Critical Patch Update advisory: - A stack-based buffer overflow vulnerability in the
last seen	2020-04-18
modified	2019-07-18
plugin id	126783
published	2019-07-18
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/126783
title	MySQL 5.7.x < 5.7.27 Multiple Vulnerabilities (Jul 2019 CPU)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-1_0-0284_MYSQL.NASL
description	An update of the mysql package has been released.
last seen	2020-03-27
modified	2020-03-24
plugin id	134835
published	2020-03-24
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134835
title	Photon OS 1.0: Mysql PHSA-2020-1.0-0284

NASL family	Databases
NASL id	MYSQL_8_0_17.NASL
description	The version of MySQL running on the remote host is 8.0.x prior to 8.0.17. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the July 2019 Critical Patch Update advisory: - An unspecified vulnerability in the
last seen	2020-04-18
modified	2019-07-18
plugin id	126784
published	2019-07-18
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/126784
title	MySQL 8.0.x < 8.0.17 Multiple Vulnerabilities (July 2019 CPU)

NASL family	Databases
NASL id	MYSQL_5_6_45.NASL
description	The version of MySQL running on the remote host is 5.6.x prior to 5.6.45. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the July 2019 Critical Patch Update advisory: - An unspecified vulnerability in the
last seen	2020-04-18
modified	2019-07-18
plugin id	126782
published	2019-07-18
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/126782
title	MySQL 5.6.x < 5.6.45 Multiple Vulnerabilities (Jul 2019 CPU)

Redhat

rpms

rh-mysql80-mysql-0:8.0.17-1.el7
rh-mysql80-mysql-common-0:8.0.17-1.el7
rh-mysql80-mysql-config-0:8.0.17-1.el7
rh-mysql80-mysql-config-syspaths-0:8.0.17-1.el7
rh-mysql80-mysql-debuginfo-0:8.0.17-1.el7
rh-mysql80-mysql-devel-0:8.0.17-1.el7
rh-mysql80-mysql-errmsg-0:8.0.17-1.el7
rh-mysql80-mysql-server-0:8.0.17-1.el7
rh-mysql80-mysql-server-syspaths-0:8.0.17-1.el7
rh-mysql80-mysql-syspaths-0:8.0.17-1.el7
rh-mysql80-mysql-test-0:8.0.17-1.el7
mecab-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
mecab-debuginfo-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
mecab-debugsource-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
mecab-ipadic-0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de
mecab-ipadic-EUCJP-0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de
mysql-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-common-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-debugsource-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-devel-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-devel-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-errmsg-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-libs-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-libs-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-server-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-server-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-test-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-test-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de

Vulnerabilities > CVE-2019-2969 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2019-2969"}]}

Summary

Vulnerable Configurations

Nessus

Redhat

References

Vulnerabilities > CVE-2019-2969