Vulnerability in MySQL Connectors Affecting Oracle MySQL Products
CVE-2017-3523

8.5HIGH

Key Information:

Vendor
Oracle
Status
Mysql Connectors
Vendor
CVE Published:
24 April 2017

Summary

A vulnerability exists in the MySQL Connectors component of Oracle MySQL, specifically within Connector/J. This flaw allows a low-privileged attacker with network access via multiple protocols to exploit the MySQL Connectors, potentially compromising their functionality. Though located in MySQL Connectors, successful exploitation can have cascading effects on other connected products. Attackers could leverage this vulnerability to gain unauthorized access, posing significant risks to the confidentiality, integrity, and availability of database systems.

Affected Version(s)

MySQL Connectors 5.1.40 and earlier

References

http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97982
vdb-entryx_refsource_BID
http://www.debian.org/security/2017/dsa-3840
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.