Vulnerability in Data Store Component of Oracle Berkeley DB
CVE-2017-3606

7HIGH

Key Information:

Vendor: Oracle
Status: Oracle Berkeley Db
Vendor: CVE Published:; 24 April 2017

Summary

The Data Store component of Oracle Berkeley DB is affected by a vulnerability that permits an unauthenticated actor with access to the infrastructure where the Data Store operates to potentially compromise it. Although the vulnerability is not easy to exploit and requires human interaction from a third party, successful exploitation could lead to unauthorized takeover of the Data Store, impacting confidentiality, integrity, and availability. It is crucial for users operating versions earlier than 6.2.32 to apply the necessary patches to safeguard their database environments.

Affected Version(s)

Oracle Berkeley DB < 6.2.32

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97854

vdb-entryx_refsource_BID

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2017
Vulnerability Reserved
Dec 6, 2016