CVE-2001-1275 — Oracle Mysql vulnerability

4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.5%

top 36.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Mysql

Timeline

PublishedJan 19

Latest updateApr 30

Description

MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/mysql3.23.31

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-jr9h-ffpv-wrqm: MySQL before 3↗2022-04-30

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-01-23

▶

💬Community

Bugzilla

CVE-2001-1275 security flaw↗2018-08-16

▶