CVE

CVE-2017-3307

Date: (C)2017-04-26   (M)2023-12-22

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 3.1		CVSS Score : 3.6
Exploit Score: 0.5		Exploit Score: 3.9
Impact Score: 2.5		Impact Score: 4.9
CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: HIGH		Access Complexity: HIGH
Privileges Required: HIGH		Authentication: SINGLE
User Interaction: REQUIRED		Confidentiality: NONE
Scope: UNCHANGED		Integrity: PARTIAL
Confidentiality: NONE		Availability: PARTIAL
Integrity: LOW
Availability: LOW

Reference:

SECTRACK-1038287

BID-97844

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html