PT-2022-5180 · Oracle+1 · Oracle Mysql Shell+1

Ycdxsb

Published

2022-10-18

Updated

2023-12-10

CVE-2022-39403

CVSS v3.1

3.9

Low

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Oracle MySQL Shell versions 8.0.30 and prior

Description The issue is related to insufficient input validation in the Shell: Core Client component of Oracle MySQL Shell. This allows a low-privileged attacker with logon access to the infrastructure where MySQL Shell executes to compromise it. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some MySQL Shell accessible data, as well as unauthorized read access to a subset of MySQL Shell accessible data.

Recommendations For versions 8.0.30 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2023-7310

ALT-PU-2023-7463

ALT-PU-2023-7647

ALT-PU-2023-7888

AZL-11217

BDU:2022-06437

CVE-2022-39403

Affected Products

Alt Linux

Oracle Mysql Shell

PT-2022-5180 · Oracle+1 · Oracle Mysql Shell+1

CVE-2022-39403

Weakness Enumeration

Related Identifiers

Affected Products

References · 9