Data Store Vulnerability in Oracle Berkeley DB
CVE-2017-3608

7HIGH

Key Information:

Vendor: Oracle
Status: Oracle Berkeley Db
Vendor: CVE Published:; 24 April 2017

Summary

A vulnerability in the Data Store component of Oracle Berkeley DB affects versions prior to 6.2.32. This flaw allows an unauthenticated attacker who has access to the infrastructure running Data Store to exploit the vulnerability and potentially compromise its integrity. Successful exploitation requires human interaction from a user other than the attacker, making social engineering a factor in successful attack scenarios. If successfully executed, it may lead to the complete takeover of the Data Store, thereby jeopardizing the confidentiality, integrity, and availability of the stored data.

Affected Version(s)

Oracle Berkeley DB < 6.2.32

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97856

vdb-entryx_refsource_BID

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2017
Vulnerability Reserved
Dec 6, 2016