Upstream information

CVE-2017-3523 at MITRE

Description

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

SUSE information

CVSS v2 Scores
  National Vulnerability Database SUSE
Base Score 6.00 4.63
Vector AV:N/AC:M/Au:S/C:P/I:P/A:P AV:N/AC:H/Au:S/C:P/I:P/A:P
Access Vector Network Network
Access Complexity Medium High
Authentication Single Single
Confidentiality Impact Partial Partial
Integrity Impact Partial Partial
Availability Impact Partial Partial
CVSS v3 Scores
  National Vulnerability Database
Base Score 8.5
Vector AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Access Vector Network
Access Complexity High
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality Impact High
Integrity Impact High
Availability Impact High
SUSE Bugzilla entry: 1035697 [NEW]

No SUSE Security Announcements cross referenced.