Vulnerability CVE-2017-3523

Vulnerability Name:

CVE-2017-3523 (CCN-126183)

Assigned:

2016-12-06

Published:

2017-04-18

Updated:

2019-10-03

Summary:

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

CVSS v3 Severity:

8.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
7.4 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
7.4 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2017-3523

Source: DEBIAN
Type: UNKNOWN
DSA-3840

Source: CCN
Type: Oracle CPUApr2017
Oracle Critical Patch Update Advisory - April 2017

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Source: BID
Type: Third Party Advisory, VDB Entry
97982

Source: CCN
Type: BID-97982
Oracle MySQL Connectors CVE-2017-3523 Remote Security Vulnerability

Source: XF
Type: UNKNOWN
oracle-cpuapr2017-cve20173523(126183)

Source: CCN
Type: IBM Security Bulletin 3106029 (StoredIQ)
Multiple Vulnerabilities identified in IBM StoredIQ

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-3523

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:connector/j:*:*:*:*:*:*:*:* (Version <= 5.1.40)

Configuration CCN 1:

cpe:/a:oracle:mysql:-:*:*:*:*:*:*:*

AND

cpe:/a:ibm:storediq:7.6.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20173523	V	CVE-2017-3523	2022-09-02
oval:org.opensuse.security:def:113008	P	mysql-connector-java-8.0.25-2.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:10445	P	Security update for busybox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:10444	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:10436	P	Security update for libsndfile (Important)	2022-01-11
oval:org.opensuse.security:def:10432	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:10381	P	Security update for fetchmail (Moderate)	2021-12-14
oval:org.opensuse.security:def:10668	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:106454	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:10356	P	Security update for libvirt (Important)	2021-10-27
oval:org.opensuse.security:def:10154	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:10693	P	Security update for ntfs-3g_ntfsprogs (Important)	2021-09-07
oval:org.opensuse.security:def:10124	P	Security update for MozillaFirefox (Important)	2021-07-27
oval:org.opensuse.security:def:11105	P	Security update for icinga2 (Moderate)	2021-07-21
oval:org.opensuse.security:def:10281	P	Security update for squid (Important)	2021-06-11
oval:org.opensuse.security:def:124625	P	mysql-connector-java-5.1.42-5.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17226	P	bogofilter-1.2.4-5.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17262	P	libmwaw-0_3-3-0.3.13-7.9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16619	P	mysql-connector-java-5.1.42-5.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17011	P	libIlmImf-Imf_2_1-21-32bit-2.1.0-4.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17019	P	libpcsclite1-32bit-1.8.10-3.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11395	P	libqt4-32bit-4.8.6-2.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17053	P	gimp-2.8.10-1.164 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17301	P	typelib-1_0-Gtk-2_0-2.24.31-7.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11417	P	libyaml-0-2-0.1.6-1.19 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17138	P	libvirt-client-32bit-2.0.0-26.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17195	P	libpcsclite1-32bit-1.8.10-6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10262	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:10247	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:10423	P	Security update for ldb (Important)	2021-03-24
oval:org.opensuse.security:def:10200	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:10132	P	Security update for openvswitch (Important)	2021-02-02
oval:org.opensuse.security:def:17343	P	libgstfft-1_0-0-32bit-1.8.3-13.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17372	P	libvpx1-32bit-1.3.0-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16931	P	mysql-connector-java-5.1.42-5.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4095	P	mysql-connector-java-5.1.42-5.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17309	P	colord-1.3.3-12.13 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17763	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:18159	P	Security update for mysql-connector-java (Moderate)	2020-12-01
oval:org.opensuse.security:def:17428	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:17785	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:17485	P	Security update for gcc10 (Moderate)	2020-12-01
oval:org.opensuse.security:def:18423	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:10735	P	libgit2-24 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17516	P	Security update for file (Moderate)	2020-12-01
oval:org.opensuse.security:def:18449	P	Security update for mysql-connector-java (Moderate)	2020-12-01
oval:org.opensuse.security:def:11083	P	libvdpau-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10466	P	libXcursor-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10744	P	libid3tag-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17404	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:17552	P	Security update for libXfont (Important)	2020-12-01
oval:org.opensuse.security:def:10512	P	libjpeg62-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10757	P	libmikmod-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17461	P	Security update for shim (Moderate)	2020-12-01
oval:org.opensuse.security:def:17662	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:10559	P	libvirt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17473	P	Security update for tigervnc (Critical)	2020-12-01
oval:org.opensuse.security:def:17694	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:10574	P	mysql-connector-java on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17495	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:17751	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:10593	P	rhythmbox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18133	P	Security update for quagga (Important)	2020-12-01
oval:com.ubuntu.cosmic:def:201735230000000	V	CVE-2017-3523 on Ubuntu 18.10 (cosmic) - medium.	2017-04-24
oval:com.ubuntu.artful:def:20173523000	V	CVE-2017-3523 on Ubuntu 17.10 (artful) - medium.	2017-04-24
oval:com.ubuntu.trusty:def:20173523000	V	CVE-2017-3523 on Ubuntu 14.04 LTS (trusty) - medium.	2017-04-24
oval:com.ubuntu.bionic:def:201735230000000	V	CVE-2017-3523 on Ubuntu 18.04 LTS (bionic) - medium.	2017-04-24
oval:com.ubuntu.bionic:def:20173523000	V	CVE-2017-3523 on Ubuntu 18.04 LTS (bionic) - medium.	2017-04-24
oval:com.ubuntu.xenial:def:20173523000	V	CVE-2017-3523 on Ubuntu 16.04 LTS (xenial) - medium.	2017-04-24
oval:com.ubuntu.xenial:def:201735230000000	V	CVE-2017-3523 on Ubuntu 16.04 LTS (xenial) - medium.	2017-04-24
oval:com.ubuntu.cosmic:def:20173523000	V	CVE-2017-3523 on Ubuntu 18.10 (cosmic) - medium.	2017-04-24
oval:com.ubuntu.precise:def:20173523000	V	CVE-2017-3523 on Ubuntu 12.04 LTS (precise) - medium.	2017-04-24

BACK