Vulnerability in Oracle Berkeley DB Data Store Component
CVE-2017-3612

7HIGH

Key Information:

Vendor: Oracle
Status: Oracle Berkeley Db
Vendor: CVE Published:; 24 April 2017

What is CVE-2017-3612?

This vulnerability resides in the Data Store component of Oracle Berkeley DB, specifically affecting versions prior to 6.2.32. An unauthenticated attacker with access to the infrastructure where Data Store operates can potentially exploit this flaw, which requires interaction from a third party user. Successful exploitation may lead to a complete takeover of the Data Store, compromising confidentiality, integrity, and availability of the stored data.

Affected Version(s)

Oracle Berkeley DB < 6.2.32

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97860

vdb-entryx_refsource_BID

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2017
Vulnerability Reserved
Dec 6, 2016