CVE-2016-0639

high-risk

Published 2016-04-21

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication.

Do I need to act?

15.3% chance of exploitation in next 30 days

EPSS score — higher than 85% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (3)

Mysql

Enterprise Linux

Affected Vendors

Oracle Redhat

References (14)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0705.html

Patch http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Third Party Advisory http://www.securityfocus.com/bid/86418

Third Party Advisory http://www.securitytracker.com/id/1035606

Third Party Advisory http://www.ubuntu.com/usn/USN-2953-1

Third Party Advisory http://www.ubuntu.com/usn/USN-2954-1

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0705.html

Patch http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Third Party Advisory http://www.securityfocus.com/bid/86418

Third Party Advisory http://www.securitytracker.com/id/1035606

Third Party Advisory http://www.ubuntu.com/usn/USN-2953-1

Third Party Advisory http://www.ubuntu.com/usn/USN-2954-1

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 13/34 · Low

Exposure 9/34 · Low