MySQL Connector/J Vulnerability in Oracle's MySQL Product
CVE-2017-3586

6.4MEDIUM

Key Information:

Vendor

Oracle
Status
Mysql Connectors
Vendor
CVE Published:
24 April 2017

What is CVE-2017-3586?

A vulnerability in the MySQL Connectors component of Oracle MySQL allows low-privileged attackers with network access to exploit Connector/J. This flaw affects versions 5.1.41 and earlier, presenting an easy target for attackers. Successful exploitation can lead to unauthorized access to modify, delete, or read sensitive data, significantly impacting additional products that rely on MySQL Connectors. The implications of this vulnerability necessitate immediate attention from operators utilizing affected MySQL versions.

Affected Version(s)

MySQL Connectors 5.1.41 and earlier

References

http://www.securitytracker.com/id/1038287
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.debian.org/security/2017/dsa-3857
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-3586 : MySQL Connector/J Vulnerability in Oracle's MySQL Product