IBM Support

Security Bulletin: IBM Security Guardium is affected by a publicly disclosed vulnerability from Oracle MySQL

Security Bulletin


Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-3283
DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Logging component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/151596 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3162
DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/151479 for the current score
CVSS Environmental Score*: Undefined



CVE-ID: CVE-2018-3279
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Roles component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151592 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3258
Description: An unspecified vulnerability in Oracle MySQL related to the Connectors Connector/J component could allow an authenticated attacker to take control of the system.
CVSS Base Score: 8.8
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151572 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVE-ID: CVE-2018-3137
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151453 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3156
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151472 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3277
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151590 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3212
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Information Schema component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151528 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3278
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: RBR component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151591 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3276
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Memcached component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151589 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3133
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Parser component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151449 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3155
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Parser component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 7.7
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151471 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)

CVE-ID: CVE-2018-3251
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151565 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3174
Description: An unspecified vulnerability in Oracle MySQL related to the Server Client programs component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151491 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H)

CVE-ID: CVE-2018-3195
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: DDL component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 5.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151512 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVE-ID: CVE-2018-3173
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151490 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3170
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: DDL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151487 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3171
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Partition component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 5.0
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151488 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVE-ID: CVE-2018-3247
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Merge component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 5.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151561 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVE-ID: CVE-2018-3203
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151519 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3145
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Parser component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151461 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3200
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151516 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3286
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 4.3
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151599 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVE-ID: CVE-2018-3143
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151459 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3187
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 5.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151504 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVE-ID: CVE-2018-3144
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Audit component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151460 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3284
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.4
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151597 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3185
Description: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 5.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151502 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)

CVE-ID: CVE-2018-3285
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Windows component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151598 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3186
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151503 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3161
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Partition component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151478 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVE-ID: CVE-2018-3282
Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: Storage Engines component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 4.9
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/151595 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected IBM Security Guardium

Affected Versions
IBM Security Guardium 10.6
IBM Security Guardium 10 - 10.5
IBM Security Guardium 9.0 - 9.5

Remediation/Fixes

Product
VRMF
Remediation / First Fix
IBM Security Guardium 10.6 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p610_Combined-Fix-Pack-for-GPU-600_2019-02-27&includeSupersedes=0&source=fc
IBM Security Guardium 10-10.5 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p520_Bundle_Dec-06-2018&includeSupersedes=0&source=fc
IBM Security Guardium 9.0 -9.5 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=9.0&platform=All&function=fixId&fixids=SqlGuard_9.0p775_CombinedFixPackForGPU750_64-bit&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Change History

Jan 3, 2019: Original version published
Feb 7, 2019: Second version published
March 6, 2019: Second version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Internal Use Only

123915; 123904

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Component":"--","Platform":[{"code":"PF016","label":"Linux"}],"Version":"10 - 10.6\n9.0 -9.5","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
06 March 2019

UID

ibm10793777