CVE-2017-10424

8.8HIGH

Key Information:

Vendor
Oracle
Status
Mysql Enterprise Monitor
Vendor
CVE Published:
19 October 2017

Summary

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Web). Supported versions that are affected are 3.2.8.2223 and earlier, 3.3.4.3247 and earlier and 3.4.2.4181 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Affected Version(s)

MySQL Enterprise Monitor 3.2.8.2223 and earlier

MySQL Enterprise Monitor 3.3.4.3247 and earlier

MySQL Enterprise Monitor 3.4.2.4181 and earlier

References

https://security.netapp.com/advisory/ntap-20171019-0002/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101381
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039597
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.