CVE-2018-2755

HIGHScheduled

Published:Apr 19, 2018(8 years ago)

Modified:Nov 21, 2024

Local AccessNo Auth RequiredScope Changes

Vulnerability Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Attack Characteristics

Local AccessHigh ComplexityNo Auth NeededUser Interaction Required

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
oracle	mysql	5.5.0 - 5.5.59	-
oracle	mysql	5.6.0 - 5.6.39

Timeline

Published
CVE disclosed publicly
Apr 19, 20188 years ago
Last Modified
Most recent update
Nov 21, 20241 year ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067...Patch
http://www.securityfocus.com/bid/103807Third Party Advisory
http://www.securitytracker.com/id/1040698Broken Link

CVSS Score

v3.1

7.7/ 10.0

HIGH

AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

At a Glance

Affected Products

References

oracle / mysql

https://access.redhat.com/errata/RHSA-2018:1254Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2439Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2729Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3655Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1258Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/04/msg00020.htmlMailing List

https://lists.debian.org/debian-lts-announce/2018/06/msg00015.htmlMailing List

https://security.gentoo.org/glsa/201908-24Third Party Advisory

https://security.netapp.com/advisory/ntap-20180419-0002/Third Party Advisory

https://usn.ubuntu.com/3629-1/Third Party Advisory

https://usn.ubuntu.com/3629-2/Third Party Advisory

https://usn.ubuntu.com/3629-3/Third Party Advisory

https://www.debian.org/security/2018/dsa-4176Third Party Advisory

https://www.debian.org/security/2018/dsa-4341Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067...Patch

http://www.securityfocus.com/bid/103807Third Party Advisory

http://www.securitytracker.com/id/1040698Broken Link