CVE-2018-3082

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Related CPE's

a oracle mysql ********

a netapp snapcenter -*******

a netapp storage_automation_store -*******

a netapp oncommand_workflow_automation -*******

a netapp oncommand_insight ********

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

PatchVendor Advisory

https://security.netapp.com/advisory/ntap-20180726-0002/

PatchThird Party Advisory

1041294

Third Party AdvisoryVDB Entry

104772

Third Party AdvisoryVDB Entry

CvssV3 impact

BaseSeverity	LOW
ConfidentialityImpact	LOW
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	NETWORK
AvailabilityImpact	NONE
IntegrityImpact	NONE
PrivilegesRequired	HIGH
BaseScore	2.7
VectorString	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Version	3.0
UserInteraction	NONE

CvssV2 impact

Version	2.0
VectorString	AV:N/AC:L/Au:S/C:P/I:N/A:N
AccessVector	NETWORK
AccessComplexity	LOW
Authentication	SINGLE
ConfidentialityImpact	PARTIAL
IntegrityImpact	NONE
AvailabilityImpact	NONE
BaseScore	4

Created by Yello

About Severity.io