Red Team or Advanced Rogue attacker can exploit this vulnerability to cause a crash or hang of MySQL Server.

CVSS 3.0 Base Score 5.3 (System information disclosure). Critical - If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses

Hackers can gain access to database environment and get sensitive information

This vulnerability allows hackers to access the database environment and get a lot of sensitive information.

CVSS 3.0 Base Score 5.3 (System information disclosure). Critical - If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure Critical — If the user is not aware of the attack or does not have common protection against attacks, this vulnerability poses a critical risk. CVSS 3.0 Score 5.3 — System information disclosure

Limitations and Recommendations

The vulnerability is not exploitable in implementations of MySQL Server that use safe modes when the server is started.

Additional Information:
CVSS Base Score: 5.3
CVSS Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
AVG CVSS Base Score5.3
AVG CVSS Vector4.3

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References