IBM Security Guardium update for MySQL



Published: 2022-12-01
Risk Medium
Patch available YES
Number of vulnerabilities 24
CVE-ID CVE-2022-21509
CVE-2022-21529
CVE-2022-21525
CVE-2022-21515
CVE-2022-21528
CVE-2022-21519
CVE-2022-21517
CVE-2022-21531
CVE-2022-21527
CVE-2022-21526
CVE-2022-21455
CVE-2022-21530
CVE-2022-21538
CVE-2022-21522
CVE-2022-21539
CVE-2022-21569
CVE-2022-21550
CVE-2022-21535
CVE-2022-21555
CVE-2022-21553
CVE-2022-21537
CVE-2022-21534
CVE-2022-21547
CVE-2022-21556
CWE-ID CWE-20
CWE-191
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
IBM Security Guardium
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 24 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU65510

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21509

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper input validation

EUVDB-ID: #VU65517

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21529

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Improper input validation

EUVDB-ID: #VU65515

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21525

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Improper input validation

EUVDB-ID: #VU65521

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21515

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Improper input validation

EUVDB-ID: #VU65509

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21528

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Improper input validation

EUVDB-ID: #VU65507

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21519

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Cluster: General component in MySQL Cluster. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Improper input validation

EUVDB-ID: #VU65512

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21517

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Improper input validation

EUVDB-ID: #VU65519

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21531

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Improper input validation

EUVDB-ID: #VU65508

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21527

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Improper input validation

EUVDB-ID: #VU65516

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21526

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Improper input validation

EUVDB-ID: #VU65522

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21455

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Improper input validation

EUVDB-ID: #VU65518

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21530

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Improper input validation

EUVDB-ID: #VU65526

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21538

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Improper input validation

EUVDB-ID: #VU65524

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21522

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Improper input validation

EUVDB-ID: #VU65511

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21539

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote authenticated user can exploit this vulnerability to read and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Improper input validation

EUVDB-ID: #VU65505

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21569

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Integer underflow

EUVDB-ID: #VU65506

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21550

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow when processing Data Node jobs. A remote user can send a specially crafted input to the affected application, trigger integer an underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Improper input validation

EUVDB-ID: #VU65527

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21535

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Shell: General/Core Client component in MySQL Shell. A local non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Improper input validation

EUVDB-ID: #VU65525

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21555

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to read and manipulate data.

The vulnerability exists due to improper input validation within the Shell: GUI component in MySQL Shell for VS Code. A local privileged user can exploit this vulnerability to read and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Improper input validation

EUVDB-ID: #VU65520

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21553

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Improper input validation

EUVDB-ID: #VU65513

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21537

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) Improper input validation

EUVDB-ID: #VU65523

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21534

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Improper input validation

EUVDB-ID: #VU65514

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21547

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Federated component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

24) Improper input validation

EUVDB-ID: #VU65504

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21556

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Guardium: 10.5 - 11.4


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-oracle-mysql/
http://www.ibm.com/support/pages/node/6842821

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###