Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 24 |
CVE-ID | CVE-2022-21509 CVE-2022-21529 CVE-2022-21525 CVE-2022-21515 CVE-2022-21528 CVE-2022-21519 CVE-2022-21517 CVE-2022-21531 CVE-2022-21527 CVE-2022-21526 CVE-2022-21455 CVE-2022-21530 CVE-2022-21538 CVE-2022-21522 CVE-2022-21539 CVE-2022-21569 CVE-2022-21550 CVE-2022-21535 CVE-2022-21555 CVE-2022-21553 CVE-2022-21537 CVE-2022-21534 CVE-2022-21547 CVE-2022-21556 |
CWE-ID | CWE-20 CWE-191 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | IBM Security Guardium (Client/Desktop applications / Antivirus software/Personal firewalls) |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 24 vulnerabilities.
EUVDB-ID: #VU65510
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21509
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65517
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21529
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65515
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21525
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65521
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21515
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65509
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21528
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65507
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21519
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65512
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21517
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65519
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21531
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65508
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21527
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65516
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21526
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65522
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21455
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to manipulate data.
The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65518
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21530
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65526
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21538
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform service disruption.
The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform service disruption.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65524
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21522
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65511
Risk: Medium
CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21539
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to read and manipulate data.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote authenticated user can exploit this vulnerability to read and manipulate data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65505
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21569
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65506
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21550
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
Description: The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to integer underflow when processing Data Node jobs. A remote user can send a specially crafted input to the affected application, trigger an integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65527
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21535
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Shell: General/Core Client component in MySQL Shell. A local non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65525
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21555
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Shell: GUI component in MySQL Shell for VS Code. A local privileged user can exploit this vulnerability to read and manipulate data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65520
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21553
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65513
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21537
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65523
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21534
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65514
Risk: Medium
CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21547
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Federated component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65504
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21556
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: IBM Security Guardium: 10.5 - 11.4
http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.