Vulnerability in Data Store Component of Oracle Berkeley DB
CVE-2017-3616

7HIGH

Key Information:

Vendor: Oracle
Status: Oracle Berkeley Db
Vendor: CVE Published:; 24 April 2017

Summary

A vulnerability in the Data Store component of Oracle Berkeley DB allows an unauthenticated attacker with logon access to the system where Data Store operates to compromise its integrity. This flaw requires human interaction from a third party to successfully exploit. The outcome of an attack can lead to the complete takeover of the Data Store, which poses significant risks to confidentiality, integrity, and availability of data managed by the affected systems. Organizations utilizing Oracle Berkeley DB versions prior to 6.2.32 should take immediate action to mitigate the risks associated with this vulnerability.

Affected Version(s)

Oracle Berkeley DB < 6.2.32

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97864

vdb-entryx_refsource_BID

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2017
Vulnerability Reserved
Dec 6, 2016