CVE-2016-5590 — Oracle Mysql Enterprise Monitor vulnerability

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.8%

top 25.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Mysql Enterprise Monitor

Timeline

PublishedJan 27

Latest updateMay 17

Description

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS v3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDoracle/mysql_enterprise_monitor3.1.3.7856

▶CVEListV5oracle/mysql_enterprise_monitor3.1.3.7856 and earlier

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-9v29-vghv-pj7f: Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent)↗2022-05-17

▶

CVEList

CVE-2016-5590: Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent)↗2017-01-27

▶