CVE-2015-2620

MEDIUM

Description

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698

http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html

http://rhn.redhat.com/errata/RHSA-2015-1628.html

http://rhn.redhat.com/errata/RHSA-2015-1629.html

http://rhn.redhat.com/errata/RHSA-2015-1630.html

http://rhn.redhat.com/errata/RHSA-2015-1646.html

http://rhn.redhat.com/errata/RHSA-2015-1647.html

http://rhn.redhat.com/errata/RHSA-2015-1665.html

http://www.debian.org/security/2015/dsa-3308

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/75837

http://www.securitytracker.com/id/1032911

http://www.ubuntu.com/usn/USN-2674-1

https://security.gentoo.org/glsa/201610-06

Details

Source: MITRE

Published: 2015-07-16

Updated: 2019-02-05

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:* versions up to 15.1 (inclusive)

Configuration 4

OR

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.5.0 to 5.5.43 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.6.0 to 5.6.23 (inclusive)

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
93993GLSA-201610-06 : MySQL and MariaDB: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
91778Juniper Junos Space < 15.1R1 Multiple Vulnerabilities (JSA10698)NessusJunos Local Security Checks
critical
9303MariaDB Server 10.0.x < 10.0.22 / 10.1.x < 10.1.9 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
9302MariaDB Server 5.4.x < 5.4.46 / 10.0.x < 10.0.22 Multiple VulnerabilitiesNessus Network MonitorDatabase
medium
9282MariaDB Server 10.0.x < 10.0.20 Multiple Vulnerabilities (BACKRONYM) Nessus Network MonitorDatabase
medium
9257Oracle MySQL 5.5.x < 5.5.44 / 5.6.x < 5.6.24 Multiple VulnerabilitiesNessus Network MonitorDatabase
low
86537SUSE SLED11 / SLES11 Security Update : mysql (SUSE-SU-2015:1788-1) (BACKRONYM)NessusSuSE Local Security Checks
medium
86182openSUSE Security Update : mysql-community-server (openSUSE-2015-608)NessusSuSE Local Security Checks
medium
85635CentOS 7 : mariadb (CESA-2015:1665) (BACKRONYM)NessusCentOS Local Security Checks
medium
85622Scientific Linux Security Update : mariadb on SL7.x x86_64 (20150824) (BACKRONYM)NessusScientific Linux Local Security Checks
medium
85616RHEL 7 : mariadb (RHSA-2015:1665) (BACKRONYM)NessusRed Hat Local Security Checks
medium
85612Oracle Linux 7 : mariadb (ELSA-2015-1665) (BACKRONYM)NessusOracle Linux Local Security Checks
medium
85538Oracle MySQL 5.6.x < 5.6.24 Multiple Vulnerabilities (July 2015 CPU) (October 2015 CPU)NessusDatabases
medium
85536Oracle MySQL 5.5.x < 5.5.44 Multiple Vulnerabilities (July 2015 CPU) (October 2015 CPU)NessusDatabases
medium
85499Scientific Linux Security Update : mysql55-mysql on SL5.x i386/x86_64 (20150817)NessusScientific Linux Local Security Checks
high
85488Oracle Linux 5 : mysql55-mysql (ELSA-2015-1628)NessusOracle Linux Local Security Checks
high
85460CentOS 5 : mysql55-mysql (CESA-2015:1628)NessusCentOS Local Security Checks
high
85443RHEL 5 : mysql55-mysql (RHSA-2015:1628)NessusRed Hat Local Security Checks
high
84915Ubuntu 12.04 LTS / 14.04 LTS / 14.10 / 15.04 : mysql-5.5, mysql-5.6 vulnerabilities (USN-2674-1)NessusUbuntu Local Security Checks
medium
84836Debian DSA-3308-1 : mysql-5.5 - security updateNessusDebian Local Security Checks
medium
84796MariaDB 10.0.x < 10.0.20 Multiple Vulnerabilities (BACKRONYM)NessusDatabases
medium
84767MySQL 5.5.x < 5.5.44 / 5.6.x < 5.6.25 Multiple Vulnerabilities (July 2015 CPU)NessusDatabases
medium