PT-2018-3020 · Mysql Server+4 · Mysql Server+4

Publicado

2018-04-17

Atualizado

2024-06-15

CVE-2018-2786

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:S/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions MySQL Server versions 5.7.21 and prior

Description The issue is related to a vulnerability in the InnoDB component of MySQL Server, which is associated with inadequate access control. This vulnerability can be exploited by a high-privileged attacker with network access via multiple protocols, allowing them to compromise MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of MySQL Server, as well as unauthorized update, insert, or delete access to some of MySQL Server's accessible data.

Recommendations For versions 5.7.21 and prior, update to a version later than 5.7.21 to resolve the issue. As a temporary workaround, consider restricting access to the InnoDB component to minimize the risk of exploitation.

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

ALT-PU-2018-1842

ALT-PU-2018-1993

ALT-PU-2018-2496

BDU:2019-03453

CVE-2018-2786

OPENSUSE-SU-2018_1595-1

OPENSUSE-SU-2024:11038-1

RHSA-2018:3655

RHSA-2019:1258

ROSA-SA-2023-2250

SUSE-RU-2023:3956-1

SUSE-RU-2023:4991-1

SUSE-SU-2018:1771-1

SUSE-SU-2018:1853-1

SUSE-SU-2019:1441-1

USN-3629-1

USN-3629-3

Produtos afetados

Alt Linux

Mariadb Server

Mysql Server

Suse

Ubuntu

PT-2018-3020 · Mysql Server+4 · Mysql Server+4

CVE-2018-2786

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 638