IBM Support

Security Bulletin: Multiple vulnerabilities in OpenSource Oracle Mysql affect IBM Security Guardium Database Activity Monitor

Security Bulletin


Summary

Several unspecified vulnerability in Oracle MySQL Server could allow a remote attacker to cause a denial of service, obtain information, and have partial confidentiality, integrity, and availability impact.

Vulnerability Details

CVEID: CVE-2015-4815
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : DDL component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107383 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4791
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Privileges component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107402 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4792
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : Partition component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 1.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107407 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:M/C:N/I:N/A:P)

CVEID: CVE-2015-4800
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : Optimizer component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107389 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4802
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : Partition component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107391 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4807
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : Query Cache component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107400 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4816
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107388 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4730
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : Types component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107394 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4766
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Firewall component could allow a local attacker to cause a denial of service.
CVSS Base Score: 1.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107406 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-4819
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Client programs component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 7.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107381 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-4826
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : Types component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107395 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVEID: CVE-2015-4833
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : Partition component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107392 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4836
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : SP component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 2.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107404 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:M/C:N/I:N/A:P)

CVEID: CVE-2015-4858
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : DML component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107385 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4861
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107399 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4861
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107399 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4862
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : DML component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107386 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4864
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : Security : Privileges component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107403 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVEID: CVE-2015-4866
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107387 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4870
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : Parser component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107390 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4879
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : DML component has partial confidentiality impact, partial integrity impact, and partial availability impact.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107382 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:S/C:P/I:P/A:P)

CVEID: CVE-2015-4890
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : Replication component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107401 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4895
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : InnoDB component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107398 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4904
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the libmysqld component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107396 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4905
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : DML component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107384 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4910
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : Memcached component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107405 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:S/C:N/I:N/A:P)

CVEID: CVE-2015-4913
DESCRIPTION:
 An unspecified vulnerability in Oracle MySQL Server related to the Server : DML component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107397 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor versions 9x, 10

Get Notified about Future Security Bulletins

References

Off

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Database Activity Monitor","Platform":[{"code":"PF016","label":"Linux"}],"Version":"10.0;9.0;9.1;9.5","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21973719