Vulnerability Details : CVE-2018-2813
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Threat overview for CVE-2018-2813
Top countries where our scanners detected CVE-2018-2813
Top open port discovered on systems with this issue
3306
IPs affected by CVE-2018-2813 219,121
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2018-2813!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2018-2813
Probability of exploitation activity in the next 30 days: 0.11%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 43 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-2813
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
References for CVE-2018-2813
-
https://usn.ubuntu.com/3629-3/
USN-3629-3: MySQL vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Oracle Critical Patch Update - April 2018Patch;Vendor Advisory
-
https://usn.ubuntu.com/3629-1/
USN-3629-1: MySQL vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://security.netapp.com/advisory/ntap-20180419-0002/
April 2018 MySQL Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:2729
RHSA-2018:2729 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:2439
RHSA-2018:2439 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html
[SECURITY] [DLA 1407-1] mariadb-10.0 security updateMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/201908-24
MariaDB, MySQL: Multiple vulnerabilities (GLSA 201908-24) — Gentoo securityThird Party Advisory
-
https://usn.ubuntu.com/3629-2/
USN-3629-2: MySQL vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:1258
RHSA-2019:1258 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3655
RHSA-2018:3655 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/103830
Oracle MySQL Server CVE-2018-2813 Remote Security VulnerabilityThird Party Advisory;VDB Entry
-
https://www.debian.org/security/2018/dsa-4176
Debian -- Security Information -- DSA-4176-1 mysql-5.5Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html
[SECURITY] [DLA 1355-1] mysql-5.5 security updateMailing List;Third Party Advisory
-
https://www.debian.org/security/2018/dsa-4341
Debian -- Security Information -- DSA-4341-1 mariadb-10.1Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:1254
RHSA-2018:1254 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securitytracker.com/id/1040698
MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
Products affected by CVE-2018-2813
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
- cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
- cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*