CVE-2017-3611

Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

CVSS v3 7.0 HIGH
CVSS v2.0 3.7 LOW

7.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

3.7^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 1.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/97859	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:berkeley_db:*:*:*:*:*:*:*:*

History

09 Mar 2021, 19:33

Type	Values Removed	Values Added
CPE	cpe:2.3:a:oracle:oracle_berkeley_db::::::::	cpe:2.3:a:oracle:berkeley_db::::::::

Information

Published : 2017-04-24 19:59

Updated : 2023-12-10 12:01

NVD link : CVE-2017-3611

Mitre link : CVE-2017-3611

CVE.ORG link : CVE-2017-3611

JSON object : View

Products Affected

oracle

berkeley_db

CWE

NVD-CWE-noinfo

{"id": "CVE-2017-3611", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2017-04-24T19:59:06.333", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/97859", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el componente Data Store de Oracle Berkeley DB. Versiones afectadas anteriores a 6.2.32. Dif\u00edcil de explotar, la vulnerabilidad permite a un atacante no autenticado con inicio de sesi\u00f3n a la infraestructura donde se almacena el Data Store comprometerlo. El ataque requiere interacci\u00f3n humana de una persona diferente y si tiene \u00e9xito se obtiene el control de la Data Store. CVSS 3.0 Base Score 7.0 (Impacto en Confidencialidad, Integridad y Disponibilidad ). Vector CVSS: (CVSS: 3.0/AV: L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."}], "lastModified": "2021-03-09T19:33:35.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:berkeley_db:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9025531B-7D17-4B97-9F2B-3165910D32FB", "versionEndExcluding": "6.2.32"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}