Vulnerabilites related to oracle - connector\/python
Vulnerability from fkie_nvd
Published
2017-04-24 19:59
Modified
2024-11-21 03:25
Severity ?
Summary
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | connector\/python | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:connector\\/python:*:*:*:*:*:*:*:*", matchCriteriaId: "FEBF7ECB-B546-49C1-BEF0-17ACE4E21780", versionEndIncluding: "2.1.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", }, { lang: "es", value: "Una vulnerabilidad en el componente MySQL Connectors de Oracle MySQL (subcomponente Connector/Python) 2.1.5 y anteriores permite a un atacante con login de bajos privilegios en la infraestructura donde se ejecuta MySQL Connectors realizar actualizaciones, inserciones o borrados no autorizados a los datos accesibles por MySQL Connectors.", }, ], id: "CVE-2017-3590", lastModified: "2024-11-21T03:25:52.833", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-04-24T19:59:05.690", references: [ { source: "secalert_us@oracle.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97840", }, { source: "secalert_us@oracle.com", url: "http://www.securitytracker.com/id/1038287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/97840", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038287", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2017-3590
Vulnerability from cvelistv5
Published
2017-04-24 19:00
Modified
2024-10-07 16:09
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038287 | vdb-entry, x_refsource_SECTRACK | |
| http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/97840 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Connectors |
Version: 2.1.5 and earlier |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T14:30:58.814Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038287", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038287", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { name: "97840", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/97840", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2017-3590", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-07T15:44:30.549691Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-07T16:09:54.253Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MySQL Connectors", vendor: "Oracle Corporation", versions: [ { status: "affected", version: "2.1.5 and earlier", }, ], }, ], datePublic: "2017-04-18T00:00:00", descriptions: [ { lang: "en", value: "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", }, ], problemTypes: [ { descriptions: [ { description: "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T09:57:01", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { name: "1038287", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038287", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { name: "97840", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/97840", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2017-3590", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MySQL Connectors", version: { version_data: [ { version_affected: "=", version_value: "2.1.5 and earlier", }, ], }, }, ], }, vendor_name: "Oracle Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data.", }, ], }, ], }, references: { reference_data: [ { name: "1038287", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038287", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", }, { name: "97840", refsource: "BID", url: "http://www.securityfocus.com/bid/97840", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2017-3590", datePublished: "2017-04-24T19:00:00", dateReserved: "2016-12-06T00:00:00", dateUpdated: "2024-10-07T16:09:54.253Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }