{"api_version":"1","generated_at":"2026-04-23T04:09:18+00:00","cve":"CVE-2018-3258","urls":{"html":"https://cve.report/CVE-2018-3258","api":"https://cve.report/api/cve/CVE-2018-3258.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-3258","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-3258"},"summary":{"title":"CVE-2018-3258","description":"Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","state":"PUBLIC","assigner":"secalert_us@oracle.com","published_at":"2018-10-17 01:31:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/105589","name":"105589","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Oracle MySQL Connectors CVE-2018-3258 Remote Security Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1041888","name":"1041888","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"MySQL Multiple Flaws Let Remote Users Gain Elevated Privileges, Remote Authenticated Users Access and Modify Data, and Remote and Local Users Deny Service - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20181018-0002/","name":"https://security.netapp.com/advisory/ntap-20181018-0002/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"October 2018 MySQL Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"CPU Oct 2018","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2019:1545","name":"RHSA-2019:1545","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-3258","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-3258","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"3258","vulnerable":"1","versionEndIncluding":"8.0.12","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"connector/j","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"3258","vulnerable":"1","versionEndIncluding":"8.0.12","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"connector\\/j","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-3258","qid":"238742","title":"Red Hat Update for Satellite 6.8 release (RHSA-2020:4366)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert_us@oracle.com","ID":"CVE-2018-3258","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"MySQL Connectors","version":{"version_data":[{"version_affected":"=","version_value":"8.0.12 and prior"}]}}]},"vendor_name":"Oracle Corporation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in takeover of MySQL Connectors."}]}]},"references":{"reference_data":[{"name":"1041888","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1041888"},{"name":"105589","refsource":"BID","url":"http://www.securityfocus.com/bid/105589"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"name":"https://security.netapp.com/advisory/ntap-20181018-0002/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20181018-0002/"},{"refsource":"REDHAT","name":"RHSA-2019:1545","url":"https://access.redhat.com/errata/RHSA-2019:1545"}]}},"nvd":{"publishedDate":"2018-10-17 01:31:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:connector\\/j:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.12","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"3258","Ordinal":"118814","Title":"CVE-2018-3258","CVE":"CVE-2018-3258","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"3258","Ordinal":"1","NoteData":"Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","Type":"Description","Title":null},{"CveYear":"2018","CveId":"3258","Ordinal":"2","NoteData":"2018-10-16","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"3258","Ordinal":"3","NoteData":"2019-06-18","Type":"Other","Title":"Modified"}]}}}