Vulnerability Description
The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database.
CVSS Score
6.4
MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proofpoint | Proofpoint Protection Server | All versions |
References
- http://marc.info/?l=full-disclosure&m=107745676915297&w=2
- http://marc.info/?l=full-disclosure&m=107752568009182&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15280
- http://marc.info/?l=full-disclosure&m=107745676915297&w=2
- http://marc.info/?l=full-disclosure&m=107752568009182&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15280
FAQ
What is CVE-2004-2357?
CVE-2004-2357 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database.
How severe is CVE-2004-2357?
CVE-2004-2357 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2357?
Check the references section above for vendor advisories and patch information. Affected products include: Proofpoint Proofpoint Protection Server.