PT-2022-5181 · Oracle+1 · Oracle Mysql Shell+1

Ycdxsb

Published

2022-10-18

Updated

2023-12-10

CVE-2022-39402

CVSS v3.1

4.3

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oracle MySQL Shell versions prior to 8.0.30

Description The issue is related to insufficient input validation in the Shell: Core Client component of Oracle MySQL Shell, allowing an unauthenticated attacker with logon to the infrastructure where MySQL Shell executes to compromise it. This could result in unauthorized read access to a subset of MySQL Shell accessible data. The vulnerability may also impact additional products.

Recommendations For versions prior to 8.0.30, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2023-7310

ALT-PU-2023-7463

ALT-PU-2023-7647

ALT-PU-2023-7888

AZL-11216

BDU:2022-06438

CVE-2022-39402

Affected Products

Alt Linux

Oracle Mysql Shell

PT-2022-5181 · Oracle+1 · Oracle Mysql Shell+1

CVE-2022-39402

Weakness Enumeration

Related Identifiers

Affected Products

References · 9