
Security Bulletin: Security vulnerabilities have been identified in Oracle MySQL shipped with IBM Tivoli Network Manager IP Edition (Oracle Advisory - April 2015)


Summary

Oracle MySQL is shipped as a component of IBM Tivoli Network Manager IP Edition. Information regarding security vulnerabilities affecting Oracle MySQL has been published.
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

Vulnerability Details

Tivoli Network Manager IP Edition ships with Oracle MySQL. Oracle has released a Critical Patch Update advisory - April 2015, which contains security vulnerability fixes.
CVEID: CVE-2015-0511
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : SP component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 2.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102366 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P)

CVEID: CVE-2015-2566
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : DML component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 2.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102365 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P)

CVEID: CVE-2015-2567
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Privileges component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102364 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-2568
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Privileges component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102347 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-2571
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : Optimizer component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102355 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-2573
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : DDL component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102349 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-2576
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Utilities related to the Installation component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102367 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-0405
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : XA component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102359 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0423
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : Optimizer component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102354 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0433
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB : DML component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102353 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0438
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : Partition component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102356 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0439
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102351 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0441
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Encryption component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102358 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0498
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : Replication component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 1.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102368 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:M/C:N/I:N/A:P)

CVEID: CVE-2015-0499
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : Federated component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0500
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : Information Schema component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102350 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0501
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : Compiling component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102346 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:C)

CVEID: CVE-2015-0503
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : Partition component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102357 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0505
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : DDL component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102360 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0506
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102362 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0507
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : Memcached component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102363 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-0508
DESCRIPTION:
An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102352 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Affected Products and Versions

Affected Product and Version(s) | Product and Version shipped as a component
Tivoli Network Manager 3.8 | 3.8 ships both MySQL Connector and MySQL Server 5.0
Tivoli Network Manager 3.9 | 3.9 ships MySQL Connector 5.6

Remediation/Fixes

References

Related information

*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document information

More support for: Tivoli Network Manager IP Edition

Software version: 3.8, 3.9

Operating system(s): Windows

Reference #: 1902454

Modified date: 12 May 2015