CVE-2014-6551 : Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.

Published 2014-10-15 22:55:08

Updated 2022-09-15 21:04:27

Source Oracle

View at NVD, CVE.org

Threat overview for CVE-2014-6551

Top countries where our scanners detected CVE-2014-6551

Top open port discovered on systems with this issue 3306

IPs affected by CVE-2014-6551 218,224

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-6551!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-6551

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 23 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-6551

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2014-6551

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Oracle Solaris Third Party Bulletin - October 2015
Vendor Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Oracle Critical Patch Update - October 2014
Patch;Vendor Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

[security-announce] SUSE-SU-2015:0743-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/70462

Oracle MySQL Server CVE-2014-6551 Local Security Vulnerability
Third Party Advisory;VDB Entry

Products affected by CVE-2014-6551

Suse » Linux Enterprise Desktop » Version: 12
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 12
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Workstation Extension » Version: 12
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Software Development Kit » Version: 12
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
Matching versions
Oracle » Solaris » Version: 11.3
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.5.0 and up to, including, (<=) 5.5.38
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.6.0 and up to, including, (<=) 5.6.19
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.0.0 and before (<) 10.0.13
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 5.5.0 and before (<) 5.5.39
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-6551

Threat overview for CVE-2014-6551

Exploit prediction scoring system (EPSS) score for CVE-2014-6551

CVSS scores for CVE-2014-6551

References for CVE-2014-6551

Products affected by CVE-2014-6551