Vulnerability CVE-2017-3586

Vulnerability Name:

CVE-2017-3586 (CCN-124960)

Assigned:

2016-12-06

Published:

2017-04-18

Updated:

2019-10-03

Summary:

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).

CVSS v3 Severity:

6.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
5.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

6.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)
5.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2017-3586

Source: DEBIAN
Type: UNKNOWN
DSA-3857

Source: CCN
Type: Oracle CPUApr2017
Oracle Critical Patch Update Advisory - April 2017

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Source: BID
Type: Third Party Advisory, VDB Entry
97784

Source: CCN
Type: BID-97784
Oracle MySQL Connectors CVE-2017-3586 Remote Security Vulnerability

Source: BID
Type: Not Applicable
97982

Source: CCN
Type: BID-97982
Oracle MySQL Connectors CVE-2017-3523 Remote Security Vulnerability

Source: SECTRACK
Type: UNKNOWN
1038287

Source: XF
Type: UNKNOWN
oracle-cpuapr2017-cve20173586(124960)

Source: CCN
Type: IBM Security Bulletin 3106029 (StoredIQ)
Multiple Vulnerabilities identified in IBM StoredIQ

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-3586

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:mysql_connectors:*:*:*:*:*:*:*:* (Version <= 5.1.41)

Configuration CCN 1:

cpe:/a:oracle:mysql_connectors:5.1.41:*:*:*:*:*:*:*

AND

cpe:/a:ibm:storediq:7.6.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20173586	V	CVE-2017-3586	2022-09-02
oval:org.opensuse.security:def:10445	P	Security update for busybox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:10444	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:10436	P	Security update for libsndfile (Important)	2022-01-11
oval:org.opensuse.security:def:10432	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:10381	P	Security update for fetchmail (Moderate)	2021-12-14
oval:org.opensuse.security:def:10668	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:10356	P	Security update for libvirt (Important)	2021-10-27
oval:org.opensuse.security:def:10154	P	Security update for ghostscript (Critical)	2021-09-15
oval:org.opensuse.security:def:10693	P	Security update for ntfs-3g_ntfsprogs (Important)	2021-09-07
oval:org.opensuse.security:def:10124	P	Security update for MozillaFirefox (Important)	2021-07-27
oval:org.opensuse.security:def:11105	P	Security update for icinga2 (Moderate)	2021-07-21
oval:org.opensuse.security:def:10281	P	Security update for squid (Important)	2021-06-11
oval:org.opensuse.security:def:17226	P	bogofilter-1.2.4-5.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17262	P	libmwaw-0_3-3-0.3.13-7.9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17011	P	libIlmImf-Imf_2_1-21-32bit-2.1.0-4.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:124625	P	mysql-connector-java-5.1.42-5.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17019	P	libpcsclite1-32bit-1.8.10-3.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16619	P	mysql-connector-java-5.1.42-5.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11395	P	libqt4-32bit-4.8.6-2.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17053	P	gimp-2.8.10-1.164 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17301	P	typelib-1_0-Gtk-2_0-2.24.31-7.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11417	P	libyaml-0-2-0.1.6-1.19 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17138	P	libvirt-client-32bit-2.0.0-26.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17195	P	libpcsclite1-32bit-1.8.10-6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10262	P	Security update for curl (Moderate)	2021-05-31
oval:org.opensuse.security:def:10247	P	Security update for stunnel (Important)	2021-05-03
oval:org.opensuse.security:def:10423	P	Security update for ldb (Important)	2021-03-24
oval:org.opensuse.security:def:10200	P	Security update for wpa_supplicant (Important)	2021-02-11
oval:org.opensuse.security:def:10132	P	Security update for openvswitch (Important)	2021-02-02
oval:org.opensuse.security:def:17343	P	libgstfft-1_0-0-32bit-1.8.3-13.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4095	P	mysql-connector-java-5.1.42-5.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17372	P	libvpx1-32bit-1.3.0-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17309	P	colord-1.3.3-12.13 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:16931	P	mysql-connector-java-5.1.42-5.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:17763	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:18159	P	Security update for mysql-connector-java (Moderate)	2020-12-01
oval:org.opensuse.security:def:17428	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:17785	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:17485	P	Security update for gcc10 (Moderate)	2020-12-01
oval:org.opensuse.security:def:18423	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:10735	P	libgit2-24 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17516	P	Security update for file (Moderate)	2020-12-01
oval:org.opensuse.security:def:18449	P	Security update for mysql-connector-java (Moderate)	2020-12-01
oval:org.opensuse.security:def:11083	P	libvdpau-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10466	P	libXcursor-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10744	P	libid3tag-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17404	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:17552	P	Security update for libXfont (Important)	2020-12-01
oval:org.opensuse.security:def:10512	P	libjpeg62-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10757	P	libmikmod-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17461	P	Security update for shim (Moderate)	2020-12-01
oval:org.opensuse.security:def:17662	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:10559	P	libvirt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17473	P	Security update for tigervnc (Critical)	2020-12-01
oval:org.opensuse.security:def:17694	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:10574	P	mysql-connector-java on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:17495	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:17751	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:10593	P	rhythmbox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18133	P	Security update for quagga (Important)	2020-12-01
oval:com.ubuntu.cosmic:def:201735860000000	V	CVE-2017-3586 on Ubuntu 18.10 (cosmic) - medium.	2017-04-24
oval:com.ubuntu.artful:def:20173586000	V	CVE-2017-3586 on Ubuntu 17.10 (artful) - medium.	2017-04-24
oval:com.ubuntu.trusty:def:20173586000	V	CVE-2017-3586 on Ubuntu 14.04 LTS (trusty) - medium.	2017-04-24
oval:com.ubuntu.bionic:def:201735860000000	V	CVE-2017-3586 on Ubuntu 18.04 LTS (bionic) - medium.	2017-04-24
oval:com.ubuntu.bionic:def:20173586000	V	CVE-2017-3586 on Ubuntu 18.04 LTS (bionic) - medium.	2017-04-24
oval:com.ubuntu.xenial:def:20173586000	V	CVE-2017-3586 on Ubuntu 16.04 LTS (xenial) - medium.	2017-04-24
oval:com.ubuntu.xenial:def:201735860000000	V	CVE-2017-3586 on Ubuntu 16.04 LTS (xenial) - medium.	2017-04-24
oval:com.ubuntu.cosmic:def:20173586000	V	CVE-2017-3586 on Ubuntu 18.10 (cosmic) - medium.	2017-04-24
oval:com.ubuntu.precise:def:20173586000	V	CVE-2017-3586 on Ubuntu 12.04 LTS (precise) - medium.	2017-04-24

BACK