PT-2019-3725 · Mysql Server+1 · Mysql Server+1
Published
2019-10-15
·
Updated
2023-02-04
·
CVE-2019-2922
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
MySQL Server versions 5.6.45 and prior
MySQL Server versions 5.7.27 and prior
Description
The issue is related to a lack of protection for service data in the MySQL Server product, specifically in the Server: Security: Encryption component. This easily exploitable vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise the MySQL Server, resulting in unauthorized read access to a subset of MySQL Server accessible data.
Recommendations
For MySQL Server versions 5.6.45 and prior, update to a version later than 5.6.45 to resolve the issue.
For MySQL Server versions 5.7.27 and prior, update to a version later than 5.7.27 to resolve the issue.
As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mysql Server
Ubuntu