CVE-2020-14878

HIGH

MySQL < 8.0.21 - Authenticated Remote Code Execution in LDAP Auth

Title source: llm
STIX 2.1

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

References (3)

Core 3
Core References
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20201023-0003/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202105-27

Scores

CVSS v3 8.0
EPSS 0.0120
EPSS Percentile 64.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (1)
oracle/mysql 8.0.0 - 8.0.21
Published Oct 21, 2020
Tracked Since Feb 18, 2026