| Vulnerability Name: | CVE-2017-3304 (CCN-124819) | ||||||||||||
| Assigned: | 2016-12-06 | ||||||||||||
| Published: | 2017-04-18 | ||||||||||||
| Updated: | 2019-10-03 | ||||||||||||
| Summary: | Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: DD). Supported versions that are affected are 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). | ||||||||||||
| CVSS v3 Severity: | 5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L) 4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||
| Vulnerability Consequences: | Other | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-3304 Source: CCN Type: Oracle CPUApr2017 Oracle Critical Patch Update Advisory - April 2017 Source: CONFIRM Type: Patch, Vendor Advisory http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html Source: BID Type: Third Party Advisory, VDB Entry 97815 Source: SECTRACK Type: UNKNOWN 1038287 Source: XF Type: UNKNOWN oracle-cpuapr2017-cve20173304(124819) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||