{"api_version":"1","generated_at":"2026-05-07T04:33:00+00:00","cve":"CVE-2018-2598","urls":{"html":"https://cve.report/CVE-2018-2598","api":"https://cve.report/api/cve/CVE-2018-2598.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-2598","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-2598"},"summary":{"title":"CVE-2018-2598","description":"Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption). Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","state":"PUBLIC","assigner":"secalert_us@oracle.com","published_at":"2018-07-18 13:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"CPU July 2018","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1041294","name":"1041294","refsource":"SECTRACK","tags":[],"title":"MySQL Multiple Flaws Let Remote Users Access and Gain Elevated Privileges, Remote Authenticated and Local Users Deny Service, and Remote Authenticated Users Modify Data - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20180726-0002/","name":"https://security.netapp.com/advisory/ntap-20180726-0002/","refsource":"CONFIRM","tags":[],"title":"July 2018 MySQL Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104787","name":"104787","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-2598","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-2598","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"2598","vulnerable":"1","versionEndIncluding":"6.3.10","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"mysql_workbench","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert_us@oracle.com","ID":"CVE-2018-2598","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"MySQL Workbench","version":{"version_data":[{"version_affected":"=","version_value":"6.3.10 and earlier"}]}}]},"vendor_name":"Oracle Corporation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption). Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of MySQL Workbench accessible data."}]}]},"references":{"reference_data":[{"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"name":"1041294","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041294"},{"name":"104787","refsource":"BID","url":"http://www.securityfocus.com/bid/104787"},{"name":"https://security.netapp.com/advisory/ntap-20180726-0002/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20180726-0002/"}]}},"nvd":{"publishedDate":"2018-07-18 13:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*","versionEndIncluding":"6.3.10","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"2598","Ordinal":"118154","Title":"CVE-2018-2598","CVE":"CVE-2018-2598","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"2598","Ordinal":"1","NoteData":"Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption). Supported versions that are affected are 6.3.10 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Workbench. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Workbench accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","Type":"Description","Title":null},{"CveYear":"2018","CveId":"2598","Ordinal":"2","NoteData":"2018-07-18","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"2598","Ordinal":"3","NoteData":"2018-07-27","Type":"Other","Title":"Modified"}]}}}