Remote Code Execution Vulnerability in MySQL Enterprise Monitor by Oracle
CVE-2016-5590

7.2HIGH

Key Information:

Vendor

Oracle
Status
Mysql Enterprise Monitor
Vendor
CVE Published:
27 January 2017

What is CVE-2016-5590?

A vulnerability exists in the MySQL Enterprise Monitor component of Oracle MySQL, specifically in the Monitoring: Agent subcomponent. Supported versions 3.1.3.7856 and earlier are susceptible to exploitation. An attacker with high privileges and network access via TLS can compromise the MySQL Enterprise Monitor. Successful exploitation allows the attacker to take full control of the system, resulting in potential data breaches and unauthorized modifications. This vulnerability highlights the need for prompt updates and security measures to mitigate the risks inherent in such unauthorized access.

Affected Version(s)

MySQL Enterprise Monitor 3.1.3.7856 and earlier

References

http://www.securityfocus.com/bid/95542
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037640
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.