CVE-2017-3467
low
CVSS v3
3.7
CVSS v2
4.3
VIR risk
3.7
Description
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Predictions
Exploit likelihood
47%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert_us@oracle.com — http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| oracle | mysql | {"endIncluding":"5.7.17"} | |
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
- http://www.securityfocus.com/bid/97825
- http://www.securitytracker.com/id/1038287
- https://access.redhat.com/errata/RHSA-2017:2886
- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
- http://www.securityfocus.com/bid/97825
- http://www.securitytracker.com/id/1038287
- https://access.redhat.com/errata/RHSA-2017:2886
Verify integrity in audit chain (admin only). AS-IS.