CVE-2018-2755

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Published: Apr 19, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-2755
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.7
AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 3.7
AV:L/AC:H/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / mysql	5.7.0	5.7.21.x
oracle / mysql	5.6.0	5.6.39.x
oracle / mysql	5.5.0	5.5.59.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x
debian / debian_linux	9.0	9.0.x
canonical / ubuntu_linux	17.10	17.10.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	12.04	12.04.x
mariadb / mariadb	10.0.0	10.0.35
mariadb / mariadb	10.1.0	10.1.33
mariadb / mariadb	10.2.0	10.2.15
mariadb / mariadb	5.5.0	5.5.60
netapp / active_iq_unified_manager	7.3	7.3.x
netapp / active_iq_unified_manager	9.5	9.5.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_eus	7.5	7.5.x
redhat / enterprise_linux_server_tus	7.6	7.6.x
redhat / enterprise_linux_server_aus	7.6	7.6.x
redhat / enterprise_linux_eus	7.6	7.6.x
redhat / openstack	12	12.x
redhat / enterprise_linux_server_aus	7.7	7.7.x
redhat / enterprise_linux_server_tus	7.7	7.7.x
redhat / enterprise_linux_eus	7.7	7.7.x

Vulnerability Database

289,697

CVE-2018-2755