CVE-2020-14765

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

References

https://www.oracle.com/security-alerts/cpuoct2020.html

https://security.netapp.com/advisory/ntap-20201023-0003/

https://lists.fedoraproject.org/archives/list/[email protected]/message/GZU3PA5XJXNQ4C4F6435ARM6WKM3OZYR/

https://lists.fedoraproject.org/archives/list/[email protected]/message/O7RVY2Z7HYQHFJXBGARXUAGKUDAWYPP4/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZVS6KNVBZCLZBKNJ5JA2PGAG3NTOJVH6/

https://lists.fedoraproject.org/archives/list/[email protected]/message/JBZZ3XIRPFPAWBZLYBN777ANXSFXAPPB/

https://lists.fedoraproject.org/archives/list/[email protected]/message/OPW5YMZR5C7D7NBZQSTDOB3XAI5QP32Y/

https://lists.fedoraproject.org/archives/list/[email protected]/message/X4X2BMF3EILMTXGOZDTPYS3KT5VWLA2P/

https://lists.debian.org/debian-lts-announce/2021/01/msg00027.html

https://security.gentoo.org/glsa/202105-27

Details

Source: MITRE

Published: 2020-10-21

Updated: 2021-05-26

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

View all (38 total)

IDNameProductFamilySeverity
154083RHEL 7 : rh-mysql80-mysql (RHSA-2021:3811)NessusRed Hat Local Security Checks
medium
153575Oracle Linux 8 : mysql:8.0 (ELSA-2021-3590)NessusOracle Linux Local Security Checks
medium
153522RHEL 8 : mysql:8.0 (RHSA-2021:3590)NessusRed Hat Local Security Checks
medium
153519CentOS 8 : mysql:8.0 (CESA-2021:3590)NessusCentOS Local Security Checks
medium
148357Photon OS 4.0: Mysql PHSA-2021-4.0-0007NessusPhotonOS Local Security Checks
high
146017CentOS 8 : mariadb:10.3 (CESA-2020:5500)NessusCentOS Local Security Checks
critical
145725Debian DLA-2538-1 : mariadb-10.1 security updateNessusDebian Local Security Checks
medium
145008Amazon Linux AMI : mysql56 (ALAS-2021-1464)NessusAmazon Linux Local Security Checks
medium
144555RHEL 8 : mariadb:10.3 (RHSA-2020:5663)NessusRed Hat Local Security Checks
critical
144550RHEL 8 : mariadb:10.3 (RHSA-2020:5665)NessusRed Hat Local Security Checks
critical
144548RHEL 8 : mariadb:10.3 (RHSA-2020:5654)NessusRed Hat Local Security Checks
critical
144470Amazon Linux AMI : mysql56 (ALAS-2020-1465) (deprecated)NessusAmazon Linux Local Security Checks
medium
144418RHEL 8 : mariadb:10.3 (RHSA-2020:5500)NessusRed Hat Local Security Checks
critical
144375Oracle Linux 8 : mariadb:10.3 (ELSA-2020-5500)NessusOracle Linux Local Security Checks
critical
144321openSUSE Security Update : mariadb (openSUSE-2020-2254)NessusSuSE Local Security Checks
critical
143812SUSE SLES15 Security Update : mariadb (SUSE-SU-2020:3564-1)NessusSuSE Local Security Checks
medium
143796SUSE SLED15 / SLES15 Security Update : mariadb (SUSE-SU-2020:3500-1)NessusSuSE Local Security Checks
medium
143738SUSE SLES12 Security Update : mariadb (SUSE-SU-2020:3497-1)NessusSuSE Local Security Checks
medium
143497openSUSE Security Update : mariadb (openSUSE-2020-2149)NessusSuSE Local Security Checks
critical
143319openSUSE Security Update : mariadb-connector-c (openSUSE-2020-2090)NessusSuSE Local Security Checks
critical
143062Photon OS 1.0: Mysql PHSA-2020-1.0-0338NessusPhotonOS Local Security Checks
medium
142860Fedora 31 : 3:mariadb / galera / mariadb-connector-c (2020-ac2d47d89a)NessusFedora Local Security Checks
high
142657Photon OS 3.0: Mysql PHSA-2020-3.0-0160NessusPhotonOS Local Security Checks
high
142653Photon OS 2.0: Mysql PHSA-2020-2.0-0294NessusPhotonOS Local Security Checks
medium
142636Fedora 32 : 3:mariadb / galera / mariadb-connector-c (2020-b995eb2973)NessusFedora Local Security Checks
medium
142614Fedora 33 : 3:mariadb / galera / mariadb-connector-c (2020-561eed63ef)NessusFedora Local Security Checks
medium
142580Fedora 32 : community-mysql (2020-4f9ee82bc5)NessusFedora Local Security Checks
medium
142518Fedora 31 : community-mysql (2020-53df1c05be)NessusFedora Local Security Checks
medium
142509Fedora 33 : community-mysql (2020-eee64a579c)NessusFedora Local Security Checks
medium
142221MariaDB 10.5.0 < 10.5.7 Multiple VulnerabilitiesNessusDatabases
medium
142220MariaDB 10.2.0 < 10.2.35 Multiple VulnerabilitiesNessusDatabases
medium
142219MariaDB 10.1.0 < 10.1.48 Multiple VulnerabilitiesNessusDatabases
medium
142216MariaDB 10.3.0 < 10.3.26 Multiple VulnerabilitiesNessusDatabases
medium
141937Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : MySQL vulnerabilities (USN-4604-1)NessusUbuntu Local Security Checks
high
141798MySQL 8.0.x < 8.0.22 Multiple Vulnerabilities (Oct 2020 CPU)NessusDatabases
high
141797MySQL 5.7.x < 5.7.32 Multiple Vulnerabilities (Oct 2020 CPU)NessusDatabases
medium
141796MySQL 5.6.x < 5.6.50 Multiple Vulnerabilities (Oct 2020 CPU)NessusDatabases
medium
141793FreeBSD : MySQL -- Multiple vulnerabilities (4fba07ca-13aa-11eb-b31e-d4c9ef517024)NessusFreeBSD Local Security Checks
high