PT-2018-15889 · Oracle · Mysql Server
Published
2018-04-19
·
Updated
2018-04-27
·
CVE-2018-2877
CVSS v3.1
5.0
Medium
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Oracle MySQL versions 7.2.27 and prior
Oracle MySQL versions 7.3.16 and prior
Oracle MySQL versions 7.4.14 and prior
Oracle MySQL versions 7.5.5 and prior
Description
A vulnerability in the MySQL Cluster component allows a low-privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. The attack requires human interaction from a person other than the attacker and can result in the unauthorized ability to cause a hang or frequently repeatable crash of MySQL Cluster.
Recommendations
For versions 7.2.27 and prior, update to a version later than 7.2.27.
For versions 7.3.16 and prior, update to a version later than 7.3.16.
For versions 7.4.14 and prior, update to a version later than 7.4.14.
For versions 7.5.5 and prior, update to a version later than 7.5.5.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mysql Server