| Vulnerability Name: | CVE-2020-2694 (CCN-174642) |
| Assigned: | 2019-12-10 |
| Published: | 2020-01-14 |
| Updated: | 2021-12-30 |
| Summary: | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). |
| CVSS v3 Severity: | 3.1 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
2.7 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): None
Availibility (A): None |
3.1 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
2.7 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): None
Availibility (A): None |
3.1 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
2.7 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): None
Availibility (A): None |
|
| CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
2.1 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): Single_Instance
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None |
|
| Vulnerability Type: | CWE-noinfo
|
| Vulnerability Consequences: | Obtain Information |
| References: | Source: MITRE
Type: CNA
CVE-2020-2694
Source: XF
Type: UNKNOWN
oracle-cpujan2020-cve20202694(174642)
Source: GENTOO
Type: Third Party Advisory
GLSA-202105-27
Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20200122-0002/
Source: UBUNTU
Type: Third Party Advisory
USN-4250-1
Source: CCN
Type: Oracle CPUJan2020
Oracle Critical Patch Update Advisory - January 2020
Source: MISC
Type: Patch, Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2020.html
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 8.0.0 and <= 8.0.18)
Configuration 2:
cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*OR cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*OR cpe:/o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Configuration 3:
cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*OR cpe:/a:netapp:oncommand_insight:-:*:*:*:*:*:*:*OR cpe:/a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*OR cpe:/a:netapp:snapcenter:-:*:*:*:*:*:*:*
Configuration RedHat 1:
cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 2:
cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |