Vulnerability Description
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Mysql | >= 5.5.0, <= 5.5.57 |
| Debian | Debian Linux | 8.0 |
| Redhat | Openstack | 12 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Eus | 7.5 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Aus | 7.6 |
| Redhat | Enterprise Linux Server Tus | 7.6 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Mariadb | Mariadb | >= 5.5.0, < 5.5.58 |
| Netapp | Active Iq Unified Manager | >= 7.3 |
| Netapp | Oncommand Balance | - |
| Netapp | Oncommand Insight | - |
| Netapp | Oncommand Performance Manager | - |
| Netapp | Oncommand Unified Manager | <= 7.1 |
| Netapp | Oncommand Workflow Automation | - |
| Netapp | Snapcenter | - |
References
- http://www.debian.org/security/2017/dsa-4002Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/101390Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039597Broken LinkThird Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:3265Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:3442Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:0279Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:0574Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2439Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2729Third Party Advisory
- https://access.redhat.com/errata/RHSA-2019:1258Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/06/msg00015.htmlMailing ListThird Party Advisory
- https://security.netapp.com/advisory/ntap-20171019-0002/Third Party Advisory
- https://www.debian.org/security/2018/dsa-4341Third Party Advisory
- http://www.debian.org/security/2017/dsa-4002Third Party Advisory
FAQ
What is CVE-2017-10268?
CVE-2017-10268 is a vulnerability with a CVSS score of 4.1 (MEDIUM). Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier....
How severe is CVE-2017-10268?
CVE-2017-10268 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-10268?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Mysql, Debian Debian Linux, Redhat Openstack, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.