CVE-2019-2533

moderate-risk

Published 2019-01-16

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).

Do I need to act?

0.33% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (18)

Mysql

Oncommand Unified Manager

Oncommand Workflow Automation

Snapcenter

Storage Automation Store

Software Collections

Enterprise Linux

Enterprise Linux Eus

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Affected Vendors

Redhat Oracle Netapp

References (8)

Patch http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2484

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2511

Third Party Advisory https://security.netapp.com/advisory/ntap-20190118-0002/

Patch http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2484

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:2511

Third Party Advisory https://security.netapp.com/advisory/ntap-20190118-0002/

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 19/34 · Moderate