Security Bulletin
Summary
Oracle MySQL is shipped as a component of IBM Tivoli Network Manager IP Edition. Information regarding security vulnerabilities affecting Oracle MySQL has been published.
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
Vulnerability Details
Tivoli Network Manager IP Edition ships with Oracle MySQL. Oracle has released a Critical Patch Update advisory - April 2015, which contains security vulnerability fixes.
CVEID: CVE-2015-0511
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : SP component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 2.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102366 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P)
CVEID: CVE-2015-2566
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : DML component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 2.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102365 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P)
CVEID: CVE-2015-2567
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Privileges component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102364 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-2568
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Privileges component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102347 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2015-2571
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : Optimizer component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102355 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-2573
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : DDLD131:D142 component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102349 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-2576
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Utilities related to the Installation component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102367 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2015-0405
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : XA component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102359 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-0423
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : Optimizer component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102354 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-0433
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB : DML component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102353 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-0438
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : Partition component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102356 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-0439
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102351 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-0441
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Encryption component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102358 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-0498
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : Replication component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 1.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102368 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:M/C:N/I:N/A:P)
CVEID: CVE-2015-0499
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : Federated component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-0500
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : Information Schema component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102350 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-0501
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : Compiling component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102346 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:C)
CVEID: CVE-2015-0503
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : Partition component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102357 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-0505
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : DDL component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102360 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-0506
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102362 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-0507
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : Memcached component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102363 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CVEID: CVE-2015-0508
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102352 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Affected Products and Versions
|
Affected Product and Version(s) | Product and Version shipped as a component |
| Tivoli Network Manager 3.8 | 3.8 ships both MySQL Connector and MySQL Server 5.0 |
| Tivoli Network Manager 3.9 | 3.9 ships MySQL Connector 5.6 |
Remediation/Fixes
Get Notified about Future Security Bulletins
References
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21902454