History: Jun 16, 2018 - 9:48 p.m.

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Open Source MySQL Vulnerabilities (CVE-2016-6663)

2018-06-16 21:48:33
www.ibm.com

EPSS: 0.001 (Percentile: 29.8%)

Summary

MySQL could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition error while setting stats during MyISAM table repair. An attacker could exploit this vulnerability to change permissions of arbitrary files. IBM Security Guardium Database Activity Monitor has fixed this vulnerability.

Vulnerability Details

CVEID: CVE-2016-6663
DESCRIPTION: MySQL could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition error while setting stats during MyISAM table repair. An attacker could exploit this vulnerability to change permissions of arbitrary files.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119079> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor V9, 9.1, 9.5

IBM Security Guardium Database Activity Monitor V10, 10.0.1, 10.1, 10.1.2

Remediation/Fixes

Product| VRMF| Remediation/First Fix
---|---|---
IBM Security Guardium Database Activity Monitor| 9x| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p6022_SecurityUpdate&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor| 10x| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p6022_SecurityUpdate&includeSupersedes=0&source=fc

Workarounds and Mitigations

None