PT-2019-1255 · Oracle+6 · Mysql Server+5
Published: 2019-01-15 · Updated: 2023-01-31
CVE-2019-2533
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Oracle MySQL versions 8.0.13 and prior
Description
The issue is related to errors in access control within the Server component of Oracle MySQL. It allows a remote attacker to gain unauthorized access to protected data using network protocols. Successful attacks can result in unauthorized creation, deletion, or modification of critical data or all accessible data on the MySQL Server. The vulnerability can be easily exploited by an attacker with network access via multiple protocols.
Recommendations
For versions 8.0.13 and prior, update to a version that includes the fix for this issue to prevent unauthorized access and potential data modification.
As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.
Restrict privileges to the minimum required for each user to reduce the impact of a potential attack.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Mysql Server
Red Hat
Rocky Linux