PT-2019-5709 · Mysql Server+6 · Mysql Client+6

Publicado

2015-09-02

·

Atualizado

2025-06-10

·

CVE-2021-2007

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions MySQL Client versions 5.6.47 and prior MySQL Client versions 5.7.29 and prior MySQL Client versions 8.0.19 and prior
Description The issue is related to insufficient access control in the C API component of the MySQL Client. It allows a remote attacker to gain unauthorized access to protected information using the MySQL protocol. Successful attacks can result in unauthorized read access to a subset of MySQL Client accessible data.
Recommendations For MySQL Client versions 5.6.47 and prior, update to a version later than 5.6.47 to resolve the issue. For MySQL Client versions 5.7.29 and prior, update to a version later than 5.7.29 to resolve the issue. For MySQL Client versions 8.0.19 and prior, update to a version later than 8.0.19 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Client to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALSA-2019:3708
ALSA-2020:3732
ALSA-2020:5503
ALT-PU-2015-1749
ALT-PU-2019-2435
ALT-PU-2019-2436
ALT-PU-2020-1885
ALT-PU-2020-1904
BDU:2021-00422
BIT-MARIADB-2021-2007
BIT-MARIADB-MIN-2021-2007
BIT-MYSQL-CLIENT-2021-2007
CESA-2019_3708
CESA-2020_1100
CESA-2020_3732
CESA-2020_5503
CVE-2021-2007
OESA-2021-1088
OESA-2022-1634
RHSA-2019:3708
RHSA-2019_3708
RHSA-2020:1100
RHSA-2020:3518
RHSA-2020:3732
RHSA-2020:3755
RHSA-2020:3757
RHSA-2020:5246
RHSA-2020:5503
RHSA-2020:5655
RHSA-2020:5660
RHSA-2020:5662
RHSA-2020:5663
RHSA-2020_1100
RHSA-2020_3732
RHSA-2020_5503
RLSA-2019:3708
RLSA-2020:3732
RLSA-2020:5503

Produtos afetados

Alt Linux
Almalinux
Centos
Mariadb Server
Mysql Client
Red Hat
Rocky Linux