Skip to main content

Mysql Enterprise Monitor CVE-2017-3307

LOW
2017-04-24 secalert_us@oracle.com
3.1
CVSS 3.0 · NVD

Severity by source

NVD PRIMARY
3.1 LOW
AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Apr 24, 2017 - 19:59 cve.org
LOW 3.1

DescriptionCVE.org

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).

AnalysisAI

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Technical ContextAI

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L). Affected products include: Oracle Mysql Enterprise Monitor.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-5645 CRITICAL POC
9.8 Apr 17

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2022-22965 CRITICAL POC
9.8 Apr 01

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b

CVE-2022-22963 CRITICAL POC
9.8 Apr 01

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po

CVE-2020-17530 CRITICAL POC
9.8 Dec 11

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Rated cri

CVE-2019-17571 CRITICAL
9.8 Dec 20

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be explo

CVE-2018-11776 HIGH POC
8.1 Aug 22

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullN

CVE-2020-1938 CRITICAL POC
9.8 Feb 24

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Rate

CVE-2022-23305 CRITICAL
9.8 Jan 18

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be

CVE-2020-13935 HIGH POC
7.5 Jul 14

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to

CVE-2020-1967 HIGH POC
7.5 Apr 21

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due

CVE-2013-4316 CRITICAL
10.0 Sep 30

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack v

Share

CVE-2017-3307 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy