CVE-2019-2513 : Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N).

Published 2019-01-16 19:30:35

Updated 2023-05-31 13:20:17

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2019-2513

Oracle » Mysql
Versions from including (>=) 8.0.0 and before (<) 8.0.13
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Workflow Automation » Version: N/A
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Unified Manager » For Windows
Versions from including (>=) 7.3 and up to, including, (<=) 9.5
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
Matching versions
Netapp » Oncommand Unified Manager » For Vsphere
Versions from including (>=) 7.3 and up to, including, (<=) 9.5
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
Matching versions
Netapp » Storage Automation Store » Version: N/A
cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
Matching versions
Netapp » Snapcenter » Version: N/A
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-2513

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 28 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-2513

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
1.2	LOW	AV:L/AC:H/Au:N/C:P/I:N/A:N	1.9	2.9	NIST
Access Vector: Local Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
2.5	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N	0.8	1.4	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: Required Scope: Changed Confidentiality: Low Integrity: None Availability: None

References for CVE-2019-2513

https://security.netapp.com/advisory/ntap-20190118-0002/

January 2019 MySQL Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Oracle Critical Patch Update - January 2019
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/106622

Oracle MySQL Server Multiple Local Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-2513

Products affected by CVE-2019-2513

Exploit prediction scoring system (EPSS) score for CVE-2019-2513

CVSS scores for CVE-2019-2513

References for CVE-2019-2513