Skip to main content

Mysql Enterprise Monitor CVE-2016-3461

HIGH
2016-04-21 secalert_us@oracle.com
7.2
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 21, 2016 - 11:00 cve.org
HIGH 7.2

DescriptionCVE.org

Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and availability via vectors related to Monitoring: Server.

AnalysisAI

Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and availability via vectors related to Monitoring: Server. Affected products include: Oracle Mysql Enterprise Monitor.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-5645 CRITICAL POC
9.8 Apr 17

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2022-22965 CRITICAL POC
9.8 Apr 01

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b

CVE-2022-22963 CRITICAL POC
9.8 Apr 01

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po

CVE-2020-17530 CRITICAL POC
9.8 Dec 11

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Rated cri

CVE-2019-17571 CRITICAL
9.8 Dec 20

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be explo

CVE-2018-11776 HIGH POC
8.1 Aug 22

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullN

CVE-2020-1938 CRITICAL POC
9.8 Feb 24

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Rate

CVE-2022-23305 CRITICAL
9.8 Jan 18

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be

CVE-2020-13935 HIGH POC
7.5 Jul 14

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to

CVE-2020-1967 HIGH POC
7.5 Apr 21

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due

CVE-2013-4316 CRITICAL
10.0 Sep 30

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack v

Share

CVE-2016-3461 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy