CVE-2018-2755
mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
Severity Score
7.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Vulnerabilidad en el componente MySQL Server en Oracle MySQL (subcomponente: Server: Replication). Las versiones compatibles que se han visto afectadas son la 05/05/1959 y anteriores, 05/06/1939 y anteriores, y la 05/07/2021 y anteriores. Esta vulnerabilidad difícilmente explotable permite que un atacante no autenticado y con permisos de inicio de sesión en la infraestructura en la que se ejecuta MySQL Server comprometa la seguridad de MySQL Server. Para que los ataques tengan éxito, se necesita la participación de otra persona diferente del atacante y, aunque la vulnerabilidad está presente en MySQL Server, los ataques podrían afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de MySQL Server. CVSS 3.0 Base Score 7.7 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-12-15 CVE Reserved
- 2018-04-19 CVE Published
- 2024-07-23 EPSS Updated
- 2024-10-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/103807 | Third Party Advisory | |
| http://www.securitytracker.com/id/1040698 | Broken Link | |
| https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20180419-0002 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | 2022-07-19 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:1254 | 2022-07-19 | |
| https://access.redhat.com/errata/RHSA-2018:2439 | 2022-07-19 | |
| https://access.redhat.com/errata/RHSA-2018:2729 | 2022-07-19 | |
| https://access.redhat.com/errata/RHSA-2018:3655 | 2022-07-19 | |
| https://access.redhat.com/errata/RHSA-2019:1258 | 2022-07-19 | |
| https://security.gentoo.org/glsa/201908-24 | 2022-07-19 | |
| https://usn.ubuntu.com/3629-1 | 2022-07-19 | |
| https://usn.ubuntu.com/3629-2 | 2022-07-19 | |
| https://usn.ubuntu.com/3629-3 | 2022-07-19 | |
| https://www.debian.org/security/2018/dsa-4176 | 2022-07-19 | |
| https://www.debian.org/security/2018/dsa-4341 | 2022-07-19 | |
| https://access.redhat.com/security/cve/CVE-2018-2755 | 2019-05-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1568921 | 2019-05-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 5.5.0 <= 5.5.59 Search vendor "Oracle" for product "Mysql" and version " >= 5.5.0 <= 5.5.59" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 5.6.0 <= 5.6.39 Search vendor "Oracle" for product "Mysql" and version " >= 5.6.0 <= 5.6.39" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 5.7.0 <= 5.7.21 Search vendor "Oracle" for product "Mysql" and version " >= 5.7.0 <= 5.7.21" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 5.5.0 < 5.5.60 Search vendor "Mariadb" for product "Mariadb" and version " >= 5.5.0 < 5.5.60" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.0.0 < 10.0.35 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.0.0 < 10.0.35" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.1.0 < 10.1.33 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.1.0 < 10.1.33" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.2.0 < 10.2.15 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.2.0 < 10.2.15" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | >= 7.3 Search vendor "Netapp" for product "Active Iq Unified Manager" and version " >= 7.3" | windows |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | >= 9.5 Search vendor "Netapp" for product "Active Iq Unified Manager" and version " >= 9.5" | vmware_vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Insight Search vendor "Netapp" for product "Oncommand Insight" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Snapcenter Search vendor "Netapp" for product "Snapcenter" | - | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 12 Search vendor "Redhat" for product "Openstack" and version "12" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||