Data Store Vulnerability in Oracle Berkeley DB
CVE-2017-3617

7HIGH

Key Information:

Vendor: Oracle
Status: Oracle Berkeley Db
Vendor: CVE Published:; 24 April 2017

Summary

A security issue in Oracle's Berkeley DB Data Store component allows an unauthenticated attacker, after logging into the infrastructure where Data Store operates, to potentially exploit the vulnerability. Successful exploitation, which necessitates user interaction from a third party, can lead to a complete takeover of the Data Store. This vulnerability affects versions of Berkeley DB prior to 6.2.32 and poses significant risks to data confidentiality, integrity, and availability.

Affected Version(s)

Oracle Berkeley DB < 6.2.32

References

http://www.securityfocus.com/bid/97865

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2017
Vulnerability Reserved
Dec 6, 2016