Vulnerability in Oracle Berkeley DB Data Store Component
CVE-2017-3604

7HIGH

Key Information:

Vendor: Oracle
Status: Oracle Berkeley Db
Vendor: CVE Published:; 24 April 2017

Summary

The vulnerability exists within the Data Store component of Oracle Berkeley DB prior to version 6.2.32, allowing unauthenticated attackers with access to the infrastructure where the Data Store operates to compromise its security. Although exploiting this vulnerability is challenging, it requires interaction from a user other than the attacker. Successful exploitation can lead to the attacker gaining full control over the Data Store, which may significantly impact the confidentiality, integrity, and availability of the stored data.

Affected Version(s)

Oracle Berkeley DB < 6.2.32

References

http://www.securityfocus.com/bid/97798

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2017
Vulnerability Reserved
Dec 6, 2016