Lucene search

K

[email protected]NVD:CVE-2017-3651

HistoryAug 08, 2017 - 3:29 p.m.

CVE-2017-3651

2017-08-0815:29:08

[email protected]

web.nvd.nist.gov

8

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4

Confidence

High

EPSS

0.002

Percentile

64.3%

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Affected configurations

Nvd

Node

oraclemysqlRange5.5.0–5.5.56

OR

oraclemysqlRange5.6.0–5.6.36

OR

oraclemysqlRange5.7.0–5.7.18

Node

mariadbmariadbRange5.5.0–5.5.53

OR

mariadbmariadbRange10.0.0–10.0.28

OR

mariadbmariadbRange10.1.0–10.1.19

Node

debiandebian_linuxMatch8.0

Node

redhatopenstackMatch12

Node

redhatenterprise_linux_desktopMatch7.0

OR

redhatenterprise_linux_eusMatch7.4

OR

redhatenterprise_linux_eusMatch7.5

OR

redhatenterprise_linux_eusMatch7.6

OR

redhatenterprise_linux_eusMatch7.7

OR

redhatenterprise_linux_serverMatch7.0

OR

redhatenterprise_linux_server_ausMatch7.4

OR

redhatenterprise_linux_server_ausMatch7.6

OR

redhatenterprise_linux_server_ausMatch7.7

OR

redhatenterprise_linux_server_tusMatch7.6

OR

redhatenterprise_linux_server_tusMatch7.7

OR

redhatenterprise_linux_workstationMatch7.0

References

rhn.redhat.com/errata/RHSA-2016-2927.html

rhn.redhat.com/errata/RHSA-2016-2928.html

www.debian.org/security/2017/dsa-3922

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.securityfocus.com/bid/99802

www.securitytracker.com/id/1038928

access.redhat.com/errata/RHSA-2017:2192

access.redhat.com/errata/RHSA-2017:2787

access.redhat.com/errata/RHSA-2017:2886

access.redhat.com/errata/RHSA-2018:2439

access.redhat.com/errata/RHSA-2018:2729

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

4

Confidence

High

EPSS

0.002

Percentile

64.3%

Related for NVD:CVE-2017-3651

ubuntucve1 prion1 mariadbunix1 cve1 cvelist1 veracode1 osv3 redhatcve1 nessus43 openvas18 ibm2 debian3 amazon3 fedora3 redhat7 ubuntu2 centos2 oraclelinux2 freebsd1 gentoo1 photon1 oracle2