Vulnerability in MySQL Installer of Oracle MySQL
CVE-2022-39404

4.2MEDIUM

Key Information:

Vendor: Oracle
Status: Mysql Installer
Vendor: CVE Published:; 18 October 2022

What is CVE-2022-39404?

A vulnerability exists in the MySQL Installer of Oracle MySQL that allows low-privileged users with login access to exploit the system. This flaw necessitates human interaction from an individual who is not the attacker, which could lead to unauthorized modification of data within the MySQL Installer. Attackers may gain the ability to read, update, or delete certain accessible data, as well as partially disrupt the operation of the MySQL Installer, affecting its availability. Remediation is recommended to ensure the security of the affected environments.

Affected Version(s)

MySQL Installer 1.6.3 and prior

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Sep 2, 2022