CVE-2014-6491 : Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to af

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.

Published 2014-10-15 22:55:06

Updated 2022-07-01 14:17:14

Source Oracle

View at NVD, CVE.org

Threat overview for CVE-2014-6491

Top countries where our scanners detected CVE-2014-6491

Top open port discovered on systems with this issue 3306

IPs affected by CVE-2014-6491 218,261

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-6491!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-6491

Probability of exploitation activity in the next 30 days: 1.14%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-6491

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2014-6491

http://security.gentoo.org/glsa/glsa-201411-02.xml

MySQL, MariaDB: Multiple vulnerabilities (GLSA 201411-02) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698

Juniper Networks - 2015-10 Security Bulletin: Junos Space: Multiple Vulnerabilities in Junos Space
Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Oracle Solaris Third Party Bulletin - October 2015
Vendor Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Oracle Solaris Bulletin - April 2016
Vendor Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Oracle Critical Patch Update - October 2014
Patch;Vendor Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html

[security-announce] SUSE-SU-2015:0743-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/70444

Oracle MySQL Server CVE-2014-6491 Remote Security Vulnerability
Third Party Advisory;VDB Entry

Products affected by CVE-2014-6491

Oracle » Solaris » Version: 11.3
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.5.0 and up to, including, (<=) 5.5.39
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.6.0 and up to, including, (<=) 5.6.20
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Juniper » Junos Space
Versions up to, including, (<=) 15.1
cpe:2.3:a:juniper:junos_space:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.0.0 and before (<) 10.0.15
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 5.5.0 and before (<) 5.5.40
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-6491

Threat overview for CVE-2014-6491

Exploit prediction scoring system (EPSS) score for CVE-2014-6491

CVSS scores for CVE-2014-6491

References for CVE-2014-6491

Products affected by CVE-2014-6491