A scan in our environment revealed that a vulnerability was found.
Vulnerability: High
Plugin: MySQL User-Defined Functions Multiple Vulnerabilities
Proposed Solution:
There is currently no known fix or patch to address these issues. Instead, make sure access to create user-defined functions is restricted.
Release : 10.0
Component : NQRPTA - REPORTERANALYZER
MySQL anon user is able to create UDF.
Enter the database as root to be able to edit the privileges:
mysql -u root
Once in the database as root, enter the following commands to edit the granted privileges:
revoke create on *.* from ''@'localhost';
revoke create on `reporter`.* from ''@'localhost';