CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
4.5 | $0-$5k | 0.00 |
A vulnerability was found in Oracle MySQL Server up to 5.6.17 (Database Software). It has been classified as problematic. This is going to have an impact on confidentiality, and integrity. CVE summarizes:
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.
The weakness was shared 07/16/2014 with Oracle as Oracle Critical Patch Update Advisory - July 2014 as confirmed advisory (Website). The advisory is shared for download at oracle.com. This vulnerability is traded as CVE-2014-4240 since 06/17/2014. The exploitability is told to be easy. The attack needs to be approached locally. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.
The commercial vulnerability scanner Qualys is able to test this issue with plugin 19935 (Oracle MySQL July 2014 Critical Patch Update).
Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at X-Force (94626). The entries 13217, 13218, 13219 and 67096 are related to this item.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.1VulDB Meta Temp Score: 4.5
VulDB Base Score: 5.1
VulDB Temp Score: 4.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: UnknownCWE: Unknown
ATT&CK: Unknown
Local: Yes
Remote: No
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
06/17/2014 🔍07/10/2014 🔍
07/15/2014 🔍
07/16/2014 🔍
07/16/2014 🔍
07/16/2014 🔍
07/16/2014 🔍
08/29/2014 🔍
02/09/2022 🔍
Sources
Vendor: oracle.comAdvisory: Oracle Critical Patch Update Advisory - July 2014
Organization: Oracle
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-4240 (🔍)
X-Force: 94626 - Oracle MySQL Server SRREP unspecified
SecurityTracker: 1030578
Vulnerability Center: 45489 - [cpujul2014-1972956] Oracle MySQL Local Unspecified Vulnerability - CVE-2014-4240, Low
SecurityFocus: 68602 - Oracle MySQL Server CVE-2014-4240 Local Security Vulnerability
Secunia: 60425 - SUSE update for MySQL, Less Critical
See also: 🔍
Entry
Created: 07/16/2014 10:02Updated: 02/09/2022 14:26
Changes: 07/16/2014 10:02 (70), 06/02/2017 07:54 (2), 02/09/2022 14:26 (3)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.