CVE-2019-2533 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privi

CVE-2019-2533

Summary

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).

References

Vulnerable Configurations

cpe:2.3:a:oracle:mysql:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:7.3:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:7.3:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:9.4:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:9.4:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:7.3:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:7.3:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:9.4:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:9.4:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 31-01-2023 - 17:40)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:P/A:N

redhat via4

advisories

rhsa
id RHSA-2019:2484
rhsa
id RHSA-2019:2511

rpms

rh-mysql80-mysql-0:8.0.17-1.el7
rh-mysql80-mysql-common-0:8.0.17-1.el7
rh-mysql80-mysql-config-0:8.0.17-1.el7
rh-mysql80-mysql-config-syspaths-0:8.0.17-1.el7
rh-mysql80-mysql-debuginfo-0:8.0.17-1.el7
rh-mysql80-mysql-devel-0:8.0.17-1.el7
rh-mysql80-mysql-errmsg-0:8.0.17-1.el7
rh-mysql80-mysql-server-0:8.0.17-1.el7
rh-mysql80-mysql-server-syspaths-0:8.0.17-1.el7
rh-mysql80-mysql-syspaths-0:8.0.17-1.el7
rh-mysql80-mysql-test-0:8.0.17-1.el7
mecab-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
mecab-debuginfo-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
mecab-debugsource-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
mecab-ipadic-0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de
mecab-ipadic-EUCJP-0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de
mysql-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-common-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-debugsource-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-devel-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-devel-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-errmsg-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-libs-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-libs-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-server-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-server-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-test-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
mysql-test-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de

refmap via4

confirm

Last major update

31-01-2023 - 17:40

Published

16-01-2019 - 19:30

Last modified

31-01-2023 - 17:40