Vulnerabilities > CVE-2017-3304 - Unspecified vulnerability in Oracle Mysql Cluster

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

LOW

network

low complexity

oracle

nessus

NVD

Published: 2017-04-24

Updated: 2024-11-21

Summary

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: DD). Supported versions that are affected are 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Mysql Cluster - Oracle Mysql Cluster 7.2.0 Oracle Mysql Cluster 7.2.1 Oracle Mysql Cluster 7.2.2 Oracle Mysql Cluster 7.2.4 Oracle Mysql Cluster 7.2.5 Oracle Mysql Cluster 7.2.6 Oracle Mysql Cluster 7.2.7 Oracle Mysql Cluster 7.2.8 Oracle Mysql Cluster 7.2.9 Oracle Mysql Cluster 7.2.10 Oracle Mysql Cluster 7.2.12 Oracle Mysql Cluster 7.2.13 Oracle Mysql Cluster 7.2.14 Oracle Mysql Cluster 7.2.15 Oracle Mysql Cluster 7.2.16 Oracle Mysql Cluster 7.2.17 Oracle Mysql Cluster 7.2.18 Oracle Mysql Cluster 7.2.19 Oracle Mysql Cluster 7.2.20 Oracle Mysql Cluster 7.2.21 Oracle Mysql Cluster 7.2.22 Oracle Mysql Cluster 7.2.23 Oracle Mysql Cluster 7.2.24 Oracle Mysql Cluster 7.2.25 Oracle Mysql Cluster 7.2.26 Oracle Mysql Cluster 7.2.27 Oracle Mysql Cluster 7.3.1 Oracle Mysql Cluster 7.3.2 Oracle Mysql Cluster 7.3.3 Oracle Mysql Cluster 7.3.4 Oracle Mysql Cluster 7.3.5 Oracle Mysql Cluster 7.3.6 Oracle Mysql Cluster 7.3.7 Oracle Mysql Cluster 7.3.8 Oracle Mysql Cluster 7.3.9 Oracle Mysql Cluster 7.3.10 Oracle Mysql Cluster 7.3.11 Oracle Mysql Cluster 7.3.12 Oracle Mysql Cluster 7.3.13 Oracle Mysql Cluster 7.3.14 Oracle Mysql Cluster 7.3.15 Oracle Mysql Cluster 7.3.16 Oracle Mysql Cluster 7.3.30 Oracle Mysql Cluster 7.4.0 Oracle Mysql Cluster 7.4.1 Oracle Mysql Cluster 7.4.2 Oracle Mysql Cluster 7.4.3 Oracle Mysql Cluster 7.4.4 Oracle Mysql Cluster 7.4.5 Oracle Mysql Cluster 7.4.6 Oracle Mysql Cluster 7.4.7 Oracle Mysql Cluster 7.4.8 Oracle Mysql Cluster 7.4.9 Oracle Mysql Cluster 7.4.10 Oracle Mysql Cluster 7.4.11 Oracle Mysql Cluster 7.4.12 Oracle Mysql Cluster 7.4.13 Oracle Mysql Cluster 7.4.14 Oracle Mysql Cluster 7.4.29 Oracle Mysql Cluster 7.4.33 Oracle Mysql Cluster 7.4.34 Oracle Mysql Cluster 7.4.38 Oracle Mysql Cluster 7.5.0 Oracle Mysql Cluster 7.5.1 Oracle Mysql Cluster 7.5.2 Oracle Mysql Cluster 7.5.3 Oracle Mysql Cluster 7.5.4 Oracle Mysql Cluster 7.5.5	69

Nessus

NASL family	Databases
NASL id	MYSQL_CLUSTER_7_4_15.NASL
description	The version of MySQL Cluster running on the remote host is 7.4.x prior to 7.4.15. It is, therefore, affected by an arbitrary data manipulation vulnerability in the DD subcomponent due to an unspecified flaw. An authenticated, remote attacker can exploit this to update, insert, or delete arbitrary data or cause a partial denial of service condition.
last seen	2020-06-01
modified	2020-06-02
plugin id	99519
published	2017-04-20
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99519
title	MySQL Cluster 7.4.x < 7.4.15 DD Subcomponent Arbitrary Data Manipulation (April 2017 CPU)

NASL family	Databases
NASL id	MYSQL_CLUSTER_7_5_6.NASL
description	The version of MySQL Cluster running on the remote host is 7.5.x prior to 7.5.6. It is, therefore, affected by an arbitrary data manipulation vulnerability in the DD subcomponent due to an unspecified flaw. An authenticated, remote attacker can exploit this to update, insert, or delete arbitrary data or cause a partial denial of service condition.
last seen	2020-06-01
modified	2020-06-02
plugin id	99520
published	2017-04-20
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99520
title	MySQL Cluster 7.5.x < 7.5.6 DD Subcomponent Arbitrary Data Manipulation (April 2017 CPU)

NASL family	Databases
NASL id	MYSQL_CLUSTER_7_3_17.NASL
description	The version of MySQL Cluster running on the remote host is 7.3.x prior to 7.3.17. It is, therefore, affected by an arbitrary data manipulation vulnerability in the DD subcomponent due to an unspecified flaw. An authenticated, remote attacker can exploit this to update, insert, or delete arbitrary data or cause a partial denial of service condition.
last seen	2020-06-01
modified	2020-06-02
plugin id	99518
published	2017-04-20
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99518
title	MySQL Cluster 7.3.x < 7.3.17 DD Subcomponent Arbitrary Data Manipulation (April 2017 CPU)

NASL family	Databases
NASL id	MYSQL_CLUSTER_7_2_28.NASL
description	The version of MySQL Cluster running on the remote host is 7.2.x prior to 7.2.28. It is, therefore, affected by an arbitrary data manipulation vulnerability in the DD subcomponent due to an unspecified flaw. An authenticated, remote attacker can exploit this to update, insert, or delete arbitrary data or cause a partial denial of service condition.
last seen	2020-06-01
modified	2020-06-02
plugin id	99517
published	2017-04-20
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99517
title	MySQL Cluster 7.2.x < 7.2.28 DD Subcomponent Arbitrary Data Manipulation (April 2017 CPU)

Summary

Vulnerable Configurations

Nessus

References