ID CVE-2016-5590
Summary Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS v3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3.7856:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3.7856:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 26-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
bid 95542
confirm http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html
sectrack 1037640
Last major update 26-07-2017 - 01:29
Published 27-01-2017 - 22:59
Last modified 26-07-2017 - 01:29
Back to Top