CVE-2017-3304

MEDIUM

Oracle Mysql Cluster < 7.2.27 - Denial of Service

Title source: rule

Description

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: DD). Supported versions that are affected are 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).

References (3)

[Patch, Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97815

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038287

Scores

CVSS v3 5.4

EPSS 0.0036

EPSS Percentile 57.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Classification

Status published

Affected Products (5)

oracle/mysql_cluster < 7.2.27

Oracle Corporation/MySQL Cluster < 7.2.27 and earlier

Oracle Corporation/MySQL Cluster < 7.3.16 and earlier

Oracle Corporation/MySQL Cluster < 7.4.14 and earlier

Oracle Corporation/MySQL Cluster < 7.5.5 and earlier

Timeline

Published Apr 24, 2017

Tracked Since Feb 18, 2026