CVE-2020-14878
Summary
| CVE | CVE-2020-14878 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-21 15:15:00 UTC |
| Updated | 2022-01-04 17:54:00 UTC |
| Description | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| MySQL: Multiple vulnerabilities (GLSA 202105-27) — Gentoo security | GENTOO | security.gentoo.org | |
| Oracle Critical Patch Update Advisory - October 2020 | MISC | www.oracle.com | Vendor Advisory |
| October 2020 MySQL Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 296070 Oracle Solaris 11.4 Support Repository Update (SRU) 28.82.3 Missing (CPUOCT2020)
- 690386 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (4fba07ca-13aa-11eb-b31e-d4c9ef517024)
- 710088 Gentoo Linux MySQL Multiple vulnerabilities (GLSA 202105-27)
- 900074 CBL-Mariner Linux Security Update for mysql 8.0.21
- 903043 Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (3193)