Vulnerable versions can be exploited through InnoDB privilege user account, which allows high privileged user account to exploit these vulnerabilities. Bugtraq ID: 9361 Exploiting the vulnerability requires remote user to have SQL privilege, otherwise cannot be exploited. CVSS 3.1 Base Score 5.6 (Privilege escalation). Vulnerable Software Versions If you are using MySQL 8.0 or below, you are vulnerable. CVSS 3.0 Severity Score and Metrics If you are using MySQL 8.0 or below, you are vulnerable. Confidentiality Impact NONE Confidentiality Impact NONE Integrity Impact NONE Integrity Impact NONE Availability Impact HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Availability Impact HIGH (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) Remote Exploitable Vulnerability N/A Local Exploitable Vulnerability HIGH (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) Known Vulnerabilities CVE-2017-10267 CVE-2017-10268 CVE-2017-10269 CVE-2017-10
MySQL Database Server
MySQL database server is a database management system (DBMS) developed from the database program MySQL. It was created by David Axmark and Allan Larsson in 1995, with the first release of MySQL 3.0.
MySQL Database Vulnerability Test Bench
The following vulnerability was found in the MySQL database. This is a test to determine the vulnerability of your current software version.
CVE-2022-21594: InnoDB privilege user account, which allows high privileged user account to exploit these vulnerabilities. Bugtraq ID: 9361 Exploiting the vulnerability requires remote user to have SQL privilege, otherwise cannot be exploited. CVSS 3.1 Base Score 5.6 (Privilege escalation). Vulnerable Software Versions If you are using MySQL 8.0 or below, you are vulnerable. CVSS 3.0 Severity Score and Metrics If you are using MySQL 8.0 or below, you are vulnerable. Confidentiality Impact NONE Confidentiality Impact NONE Integrity Impact NONE Integrity Impact NONE Availability Impact HIGH (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) Availability Impact HIGH (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) Remote Exploitable Vulnerability N/A Local Exploitable Vulnerability HIGH (CVSS::3.0 / AV::N / AC::L / PR::L / UI::N / S::U / C::H / I::H / A::H)
Bugtraq Commentary:
Vulnerable versions can be exploited through InnoDB privilege user account, which allows high privileged user account to exploit these vulnerabilities.
Bugtraq ID: 9361
Exploiting the vulnerability requires remote user to have SQL privilege, otherwise cannot be exploited.
CVSS 3.1 Base Score 5.6 (Privilege escalation).
Vulnerable Software Versions If you are using MySQL 8.0 or below, you are vulnerable.
CVSS 3.0 Severity Score and Metrics If you are using MySQL 8.0 or below, you are vulnerable.
Confidentiality Impact NONE Confidentiality Impact NONE Integrity Impact NONE Integrity Impact NONE Availability Impact HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Availability Impact HIGH (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) Remote Exploitable Vulnerability N/A Local Exploitable Vulnerability HIGH (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H\ I:\A:\ H) Known Vulnerabilities CVE-2017-10267 CVE-2017-10268 CVE-
MySQL Database Engine
MySQL is a widely used open source relational database management system (RDBMS) that runs primarily on UNIX, Linux, and Windows. This operating system uses the Berkeley DB library for storing its data.
MySQL Database Information
MySQL is an open source database management system. It provides relational storage services, key-value data storing, and data querying services for the MySQL relational databases.
Timeline
Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC