CVE-2018-2755

Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 5.5.59 and prior Oracle MySQL versions 5.6.39 and prior Oracle MySQL versions 5.7.21 and prior

Description The issue is related to the MySQL Server component, specifically the Server: Replication subcomponent, and is associated with inadequate access control. It allows an unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The vulnerability can result in the takeover of MySQL Server.

Recommendations For Oracle MySQL versions 5.5.59 and prior, update to a version later than 5.5.59 to resolve the issue. For Oracle MySQL versions 5.6.39 and prior, update to a version later than 5.6.39 to resolve the issue. For Oracle MySQL versions 5.7.21 and prior, update to a version later than 5.7.21 to resolve the issue. As a temporary workaround, consider restricting access to the MySQL Server to minimize the risk of exploitation.