cpe:/a:oracle:mysql:5.5.60 cpe:/a:oracle:mysql:5.6.40 cpe:/a:oracle:mysql:5.7.22 CVE-2018-2767 2018-07-18T09:29:00.320-04:00 2019-10-02T20:03:26.223-04:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE PARTIAL NONE NONE http://nvd.nist.gov BID 103954 SECTRACK 1041294 DEBIAN DSA-4341 REDHAT RHSA-2018:2439 REDHAT RHSA-2018:2729 UBUNTU USN-3725-1 UBUNTU USN-3725-2 MLIST [debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html CONFIRM https://security.netapp.com/advisory/ntap-20180726-0002/ Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).