Vulnerability Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Mysql | >= 8.0.0, <= 8.0.21 |
References
- https://security.gentoo.org/glsa/202105-27Third Party Advisory
- https://security.netapp.com/advisory/ntap-20201023-0003/Third Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2020.htmlVendor Advisory
- https://security.gentoo.org/glsa/202105-27Third Party Advisory
- https://security.netapp.com/advisory/ntap-20201023-0003/Third Party Advisory
- https://www.oracle.com/security-alerts/cpuoct2020.htmlVendor Advisory
FAQ
What is CVE-2020-14878?
CVE-2020-14878 is a vulnerability with a CVSS score of 8.0 (HIGH). Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows l...
How severe is CVE-2020-14878?
CVE-2020-14878 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14878?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql.