PT-2019-3707 · Oracle+7 · Oracle Hospitality Reporting/Analytics+7

Publicado

2019-08-09

Atualizado

2023-01-31

CVE-2019-2950

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.16 and prior Oracle Hospitality Reporting and Analytics (affected versions not specified)

Description The issue is related to inadequate access control in the Server: Optimizer component of MySQL Server and the Oracle Hospitality Reporting and Analytics package. Exploitation of this issue may allow a remote attacker to cause a hang or crash of the MySQL Server using the network MySQL protocol or gain unauthorized access to protected data via the HTTP protocol.

Recommendations For MySQL Server versions 8.0.16 and prior: update to a version that addresses the access control issue in the Server: Optimizer component. For Oracle Hospitality Reporting and Analytics: at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALSA-2019:2511

ALT-PU-2019-2432

ALT-PU-2020-1827

BDU:2019-03933

BDU:2019-03934

CESA-2019_2511

CVE-2019-2950

RHSA-2019:2484

RHSA-2019:2511

RHSA-2019_2511

RLSA-2019:2511

USN-4195-1

Produtos afetados

Alt Linux

Almalinux

Centos

Mysql Server

Oracle Hospitality Reporting/Analytics

Red Hat

Rocky Linux

Ubuntu

PT-2019-3707 · Oracle+7 · Oracle Hospitality Reporting/Analytics+7

CVE-2019-2950

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 656