CVE-2018-3084 : Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).

Published 2018-07-18 13:29:09

Updated 2023-05-31 13:37:01

Source Oracle

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2018-3084

Oracle » Mysql
Versions from including (>=) 8.0.0 and up to, including, (<=) 8.0.11
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Workflow Automation » Version: N/A
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Insight » Version: N/A
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Matching versions
Netapp » Storage Automation Store » Version: N/A
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
Matching versions
Netapp » Snapcenter » Version: N/A
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-3084

EPSS FAQ

0.19%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 41 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-3084

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
1.9	LOW	AV:L/AC:M/Au:N/C:N/I:N/A:P	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
2.8	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L	1.3	1.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

References for CVE-2018-3084

http://www.securityfocus.com/bid/104788

Oracle MySQL Server CVE-2018-3084 Local Security Vulnerability
Third Party Advisory;VDB Entry
https://security.netapp.com/advisory/ntap-20180726-0002/

July 2018 MySQL Vulnerabilities in NetApp Products | NetApp Product Security
Patch;Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

CPU July 2018
Patch;Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1041294

MySQL Multiple Flaws Let Remote Users Access and Gain Elevated Privileges, Remote Authenticated and Local Users Deny Service, and Remote Authenticated Users Modify Data - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-3084

Products affected by CVE-2018-3084

Exploit prediction scoring system (EPSS) score for CVE-2018-3084

CVSS scores for CVE-2018-3084

References for CVE-2018-3084