CVE-2018-3084

low-risk

Published 2018-07-18

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).

Do I need to act?

0.21% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.8/10 Low

LOCAL / LOW complexity

Affected Products (5)

Mysql

Oncommand Insight

Oncommand Workflow Automation

Snapcenter

Storage Automation Store

Affected Vendors

Oracle Netapp

References (8)

Patch http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Third Party Advisory http://www.securityfocus.com/bid/104788

Third Party Advisory http://www.securitytracker.com/id/1041294

Patch https://security.netapp.com/advisory/ntap-20180726-0002/

Patch http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Third Party Advisory http://www.securityfocus.com/bid/104788

Third Party Advisory http://www.securitytracker.com/id/1041294

Patch https://security.netapp.com/advisory/ntap-20180726-0002/

/ 100

low-risk

Severity 11/34 · Low

Exploitability 1/34 · Minimal

Exposure 12/34 · Low