CVE-2018-2877

EUVD-2018-14732
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin). Supported versions that are affected are 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior and 7.5.5 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
oraclemysql_cluster
7.2.0 ≤
𝑥
≤ 7.2.27
oraclemysql_cluster
7.3.1 ≤
𝑥
≤ 7.3.16
oraclemysql_cluster
7.4.1 ≤
𝑥
≤ 7.4.14
oraclemysql_cluster
7.5.0 ≤
𝑥
≤ 7.5.5
𝑥
= Vulnerable software versions
References
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.securityfocus.com/bid/103838
http://www.securitytracker.com/id/1040698
https://security.netapp.com/advisory/ntap-20180419-0002/
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.securityfocus.com/bid/103838
http://www.securitytracker.com/id/1040698
https://security.netapp.com/advisory/ntap-20180419-0002/