CVE-2017-3590
Description
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2017-3590
Vendor advisory: secalert_us@oracle.com — http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | sid | fixed | 2.1.6-1 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | mysql-connector-python | <=2.1.5 | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| oracle | connector/python | <=2.1.5 | |
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-3590
- https://github.com/mysql/mysql-connector-python
- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
- http://www.securityfocus.com/bid/97840
- http://www.securitytracker.com/id/1038287
- https://security-tracker.debian.org/tracker/CVE-2017-3590