Skip to main content

Mysql Connectors CVE-2017-3586

MEDIUM
2017-04-24 secalert_us@oracle.com
6.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 24, 2017 - 19:59 cve.org
MEDIUM 6.4

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 75 maven packages depend on mysql:mysql-connector-java (46 direct, 29 indirect)

Ecosystem-wide dependent count for version 5.1.42.

DescriptionCVE.org

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).

AnalysisAI

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N). Affected products include: Oracle Mysql Connectors.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-1967 HIGH POC
7.5 Apr 21

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due

CVE-2019-10219 MEDIUM POC
6.1 Nov 08

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo

CVE-2021-3711 CRITICAL
9.8 Aug 24

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated cri

CVE-2022-21824 HIGH
8.2 Feb 24

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passe

CVE-2019-2435 HIGH
8.1 Jan 16

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Rated high severity (C

CVE-2025-30706 HIGH
7.5 Apr 15

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Rated high severity (CVSS 7.5),

CVE-2021-3450 HIGH
7.4 Mar 25

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.

CVE-2024-21262 MEDIUM
6.5 Oct 15

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Rated medium severity (CVSS 6

CVE-2021-2471 MEDIUM
5.9 Oct 20

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Rated medium severity (CVSS 5.9)

CVE-2021-3449 MEDIUM
5.9 Mar 25

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated med

CVE-2023-21971 MEDIUM
5.3 Apr 18

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Rated medium severity (CVSS 5.3)

CVE-2025-30714 MEDIUM
4.8 Apr 15

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Rated medium severity (CVSS

Share

CVE-2017-3586 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy