Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA23389259732E564DA851708D9FCAD598A52209581800C6C73C79C0850A24182
HistoryJun 16, 2018 - 10:05 p.m.

Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Server Vulnerabilities

2018-06-1622:05:02
www.ibm.com
13

0.004 Low

EPSS

Percentile

74.9%

JSON

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-10384**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: DDL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133809 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10379**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Client programs component could allow an authenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133804 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-10378**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133803 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10365**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: InnoDB component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 3.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133794 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L)

CVEID: CVE-2017-10320**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133749 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10314**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: Memcached component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133743 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10313**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server Group Replication GCS component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133742 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10311**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: FTS component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133740 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10296**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133730 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10294**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133728 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10286**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133724 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10284**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: Stored Procedure component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133722 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10283**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: Performance Schema component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133721 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10279**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133718 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10276**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: FTS component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133716 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10268**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: Replication component could allow an authenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133711 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-10227**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133704 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10167**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133699 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10165**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: Replication component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133697 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10155**
DESCRIPTION:** An unspecified vulnerability in Oracle MySQL related to the Server: Pluggable Auth component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133690 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Security Guardium V9.0, 9.1, 9.5

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM Security Guardium| 9.0-9.5| https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard-9.0p758_Bundle_Jan-31-2018_32-bit,SqlGuard-9.0p758_Bundle_Jan-31-2018_64-bit&includeSupersedes=0&source=fc
IBM Security Guardium| 10.0-10.1.4| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p402_Bundle_Feb-19-2018&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Related

openvas 23
nessus 31
ubuntu 2
freebsd 1
redhat 2
amazon 2
fedora 4
suse 2
f5 4
osv 16
debian 3
mageia 1
slackware 1
altlinux 1
veracode 14
cve 13
cvelist 15
redhatcve 16
ubuntucve 16
nvd 14
mariadbunix 3
prion 15
openvas
openvas
Ubuntu: Security Advisory (USN-3459-1)
2017-10-25 00:00:00
Fedora Update for community-mysql FEDORA-2017-50c790aaed
2017-11-07 00:00:00
openSUSE: Security Advisory for mysql-community-server (openSUSE-SU-2017:2868-1)
2017-10-27 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : MySQL vulnerabilities (USN-3459-1)
2017-10-24 00:00:00
FreeBSD : MySQL -- multiple vulnerabilities (c41bedfd-b3f9-11e7-ac58-b499baebfeaf)
2017-10-19 00:00:00
RHEL 6 / 7 : rh-mysql56-mysql (RHSA-2017:3265)
2024-04-27 00:00:00
ubuntu
ubuntu
MySQL vulnerabilities
2017-10-23 00:00:00
MySQL vulnerabilities
2017-10-30 00:00:00
freebsd
freebsd
MySQL -- multiple vulnerabilities
2017-10-18 00:00:00
redhat
redhat
(RHSA-2017:3265) Important: rh-mysql56-mysql security update
2017-11-27 18:24:50
(RHSA-2017:3442) Important: rh-mysql57-mysql security update
2017-12-12 12:52:23
amazon
amazon
Important: mysql56, mysql57
2017-12-05 21:50:00
Medium: mysql55
2017-12-05 21:54:00
fedora
fedora
[SECURITY] Fedora 25 Update: community-mysql-5.7.20-1.fc25
2017-11-06 23:33:59
[SECURITY] Fedora 27 Update: community-mysql-5.7.20-1.fc27
2017-11-11 13:51:45
[SECURITY] Fedora 26 Update: community-mysql-5.7.20-1.fc26
2017-11-06 23:35:05
suse
suse
Security update for mysql-community-server (important)
2017-10-27 18:28:48
Security update for mysql (important)
2017-11-11 00:07:25
f5
f5
K90233102 : MySQL vulnerabilities CVE-2017-10294, CVE-2017-10296, CVE-2017-10311, CVE-2017-10313, and CVE-2017-10314
2017-10-27 00:00:00
K60156735 : MySQL vulnerabilities CVE-2017-10276, CVE-2017-10279, CVE-2017-10283, CVE-2017-10284, and CVE-2017-10286
2017-10-27 00:00:00
K40317110 : MySQL vulnerabilities CVE-2017-10320, CVE-2017-10365, CVE-2017-10378, CVE-2017-10379, and CVE-2017-10384
2017-10-27 00:00:00
osv
osv
mysql-5.5 - security update
2017-10-19 00:00:00
mysql-5.5 - security update
2017-10-19 00:00:00
CVE-2017-10284
2017-10-19 17:29:02
debian
debian
[SECURITY] [DLA 1141-1] mysql-5.5 security update
2017-10-19 18:15:56
[SECURITY] [DSA 4002-1] mysql-5.5 security update
2017-10-19 17:20:45
[SECURITY] [DSA 4002-1] mysql-5.5 security update
2017-10-19 17:20:45
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2017-12-21 21:18:18
slackware
slackware
[slackware-security] mariadb
2017-11-03 06:23:58
altlinux
altlinux
Security fix for the ALT Linux 8 package mariadb version 10.1.29-alt1
2017-12-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:38:18
Denial Of Service (DoS)
2019-05-02 06:37:50
Denial Of Service (DoS)
2019-05-02 06:38:18
cve
cve
CVE-2017-10296
2017-10-19 17:29:02
CVE-2017-10294
2017-10-19 17:29:02
CVE-2017-10311
2017-10-19 17:29:02
cvelist
cvelist
CVE-2017-10313
2017-10-19 17:00:00
CVE-2017-10294
2017-10-19 17:00:00
CVE-2017-10284
2017-10-19 17:00:00
redhatcve
redhatcve
CVE-2017-10284
2019-10-31 21:37:23
CVE-2017-10311
2017-10-18 14:50:38
CVE-2017-10365
2020-04-01 02:12:06
ubuntucve
ubuntucve
CVE-2017-10284
2017-10-19 00:00:00
CVE-2017-10313
2017-10-18 00:00:00
CVE-2017-10365
2017-10-19 00:00:00
nvd
nvd
CVE-2017-10313
2017-10-19 17:29:02
CVE-2017-10284
2017-10-19 17:29:02
CVE-2017-10227
2017-10-19 17:29:01
mariadbunix
mariadbunix
CVE-2017-10365
2017-10-19 17:29:00
CVE-2017-10320
2017-10-19 17:29:00
CVE-2017-10286
2017-10-19 17:29:00
prion
prion
Code injection
2017-10-19 17:29:00
Code injection
2017-10-19 17:29:00
Code injection
2017-10-19 17:29:00

0.004 Low

EPSS

Percentile

74.9%

JSON
Related for A23389259732E564DA851708D9FCAD598A52209581800C6C73C79C0850A24182
openvas23nessus31ubuntu2freebsd1redhat2amazon2fedora4suse2f54osv16debian3mageia1slackware1altlinux1veracode14cve13cvelist15redhatcve16ubuntucve16nvd14mariadbunix3prion15