CVE-2017-3306 : Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported ve

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).

Published 2017-04-24 19:59:01

Updated 2019-10-03 00:03:26

Source Oracle

View at NVD, CVE.org

Vulnerability category: BypassDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2017-3306

Probability of exploitation activity in the next 30 days: 0.13%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 47 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-3306

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.2	HIGH	AV:N/AC:M/Au:S/C:C/I:C/A:P	6.8	9.5	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Partial
8.3	HIGH	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L	1.7	6.0	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: Low

References for CVE-2017-3306

http://www.securityfocus.com/bid/97724

Oracle MySQL Enterprise Monitor CVE-2017-3306 Remote Security Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1038287

MySQL Multiple Flaws Let Remote Authenticated and Local Users Modify Data, Remote and Local Users Deny Service, and Remote Authenticated Users Gain Elevated Privileges - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

Oracle Critical Patch Update - April 2017
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2017-3306

Oracle » Mysql Enterprise Monitor
Versions from including (>=) 3.2.0 and up to, including, (<=) 3.2.1182
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql Enterprise Monitor
Versions from including (>=) 3.3.0 and up to, including, (<=) 3.3.2.1162
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql Enterprise Monitor
Versions from including (>=) 3.1.0 and up to, including, (<=) 3.1.6.8003
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-3306

Exploit prediction scoring system (EPSS) score for CVE-2017-3306

CVSS scores for CVE-2017-3306

References for CVE-2017-3306

Products affected by CVE-2017-3306