CVE-2014-4240

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/60425
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Vendor Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/68602
http://www.securitytracker.com/id/1030578
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/94626

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:mysql::::::::
	cpe:2.3:a:oracle:mysql:5.6.0:::::::*
	cpe:2.3:a:oracle:mysql:5.6.1:::::::*
	cpe:2.3:a:oracle:mysql:5.6.2:::::::*
	cpe:2.3:a:oracle:mysql:5.6.3:::::::*
	cpe:2.3:a:oracle:mysql:5.6.4:::::::*
	cpe:2.3:a:oracle:mysql:5.6.5:::::::*
	cpe:2.3:a:oracle:mysql:5.6.6:::::::*
	cpe:2.3:a:oracle:mysql:5.6.7:::::::*
	cpe:2.3:a:oracle:mysql:5.6.8:::::::*
	cpe:2.3:a:oracle:mysql:5.6.9:::::::*
	cpe:2.3:a:oracle:mysql:5.6.10:::::::*
	cpe:2.3:a:oracle:mysql:5.6.11:::::::*
	cpe:2.3:a:oracle:mysql:5.6.12:::::::*
	cpe:2.3:a:oracle:mysql:5.6.13:::::::*
	cpe:2.3:a:oracle:mysql:5.6.14:::::::*
	cpe:2.3:a:oracle:mysql:5.6.15:::::::*
	cpe:2.3:a:oracle:mysql:5.6.16:::::::*

History

No history.

Information

Published : 2014-07-17 11:17

Updated : 2018-10-09 19:48

NVD link : CVE-2014-4240

Mitre link : CVE-2014-4240

CVE.ORG link : CVE-2014-4240

JSON object : View

Products Affected

oracle

mysql

CWE

NVD-CWE-noinfo

{"id": "CVE-2014-4240", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-07-17T11:17:09.967", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html", "source": "secalert_us@oracle.com"}, {"url": "http://seclists.org/fulldisclosure/2014/Dec/23", "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/60425", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded", "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/68602", "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1030578", "source": "secalert_us@oracle.com"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "source": "secalert_us@oracle.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94626", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente MySQL Server en Oracle MySQL 5.6.17 y anteriores permite a usuarios locales afectar la confidencialidad e integridad a trav\u00e9s de vectores relacionados con SRREP."}], "lastModified": "2018-10-09T19:48:24.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D91CF491-A8C9-4C3C-A0CC-33980DF395F0", "versionEndIncluding": "5.6.17"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0089EDF-4806-417D-A4F1-63FF03C5AEF3"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "898A5CD5-83A5-4335-835F-759F82862753"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C851FA0E-357E-4B9E-A441-9C74B3526B37"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B12FA18C-AB93-4522-AA2C-303342452E59"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FD31981-E3ED-41D0-92EB-ABA7490D60E5"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E918FF1-8B40-4DC3-9269-1D3BFD18C58D"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BCD7C2D-49E9-4D78-90CF-F747A1584269"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7956E471-E98A-4527-A5F4-863210E09D5A"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "615F499A-5C33-4E79-80FA-9A1453D8A3D4"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AD40EA2-F432-4F89-9E59-0DB4D415CA85"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41494A2D-4BBC-4C3B-841F-878C2430A444"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A62DA4D8-27B4-4026-9035-75AC35F58439"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6DF5346-DC9A-4615-BEAC-2F5FD57C3B6B"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E948C884-E747-4E7C-B111-4A8DA22E421C"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F933CF3-A850-4D3F-A16D-8129E246BF55"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "038D17E1-2932-4D47-A748-F8A1D46B6721"}, {"criteria": "cpe:2.3:a:oracle:mysql:5.6.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9028492-4114-4C9A-9E88-4B6C4FA6CC2C"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}