PT-2019-3707 · Oracle+7 · Oracle Hospitality Reporting/Analytics+7

Published

2019-08-09

Updated

2023-01-31

CVE-2019-2950

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.16 and prior Oracle Hospitality Reporting and Analytics (affected versions not specified)

Description The issue is related to inadequate access control in the Server: Optimizer component of MySQL Server and the Oracle Hospitality Reporting and Analytics package. Exploitation of this issue may allow a remote attacker to cause a hang or crash of the MySQL Server using the network MySQL protocol or gain unauthorized access to protected data via the HTTP protocol.

Recommendations For MySQL Server versions 8.0.16 and prior: update to a version that addresses the access control issue in the Server: Optimizer component. For Oracle Hospitality Reporting and Analytics: at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALSA-2019:2511

ALT-PU-2019-2432

ALT-PU-2020-1827

BDU:2019-03933

BDU:2019-03934

CESA-2019_2511

CVE-2019-2950

RHSA-2019:2484

RHSA-2019:2511

RHSA-2019_2511

RLSA-2019:2511

USN-4195-1

Affected Products

Alt Linux

Almalinux

Centos

Mysql Server

Oracle Hospitality Reporting/Analytics

Red Hat

Rocky Linux

Ubuntu

PT-2019-3707 · Oracle+7 · Oracle Hospitality Reporting/Analytics+7

CVE-2019-2950

Weakness Enumeration

Related Identifiers

Affected Products

References · 656