Vulnerability in the Data Store Component of Oracle Berkeley DB
CVE-2017-3613

7HIGH

Key Information:

Vendor: Oracle
Status: Oracle Berkeley Db
Vendor: CVE Published:; 24 April 2017

Summary

This vulnerability affects the Data Store component of Oracle Berkeley DB, allowing an unauthenticated attacker who has access to the infrastructure where Data Store operates to exploit it. The exploitation is made possible through social engineering tactics that require user interaction from a third party. If successfully executed, this vulnerability can lead to a complete takeover of the Data Store, posing significant risks to data confidentiality, integrity, and availability. It is critical for organizations using Oracle Berkeley DB to ensure they are operating on version 6.2.32 or later to mitigate these risks.

Affected Version(s)

Oracle Berkeley DB < 6.2.32

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97861

vdb-entryx_refsource_BID

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2017
Vulnerability Reserved
Dec 6, 2016