CVE-2016-5598 - OpenCVE

Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Oracle	Mysql Connector\/python

Configuration 1 [-]

cpe:2.3:a:oracle:mysql_connector\/python:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:oracle:mysql_connector\/python:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/93653	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037050	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: oracle

Published: 2016-10-25T14:00:00

Updated: 2017-07-28T09:57:01

Reserved: 2016-06-16T00:00:00

Link: CVE-2016-5598

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-10-25T14:31:09.750

Modified: 2018-05-02T15:20:24.410

Link: CVE-2016-5598

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-10-18T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T09:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"name": "93653", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93653"}, {"name": "1037050", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037050"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2016-5598", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"name": "93653", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93653"}, {"name": "1037050", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037050"}]}}}}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2016-5598", "datePublished": "2016-10-25T14:00:00", "dateReserved": "2016-06-16T00:00:00", "dateUpdated": "2017-07-28T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mysql_connector\\/python:*:*:*:*:*:*:*:*", "matchCriteriaId": "3404E9AE-B3B0-46B6-9E0B-2F7755FA11A9", "versionEndIncluding": "2.0.4", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mysql_connector\\/python:*:*:*:*:*:*:*:*", "matchCriteriaId": "39F92CBD-2B47-482A-9579-D38762EB7C9A", "versionEndIncluding": "2.1.3", "versionStartIncluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente MySQL Connector 2.1.3 y versiones anteriores y 2.0.4 y versiones anteriores en Oracle MySQL permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a trav\u00e9s de vectores relacionados con Connector/Python."}], "id": "CVE-2016-5598", "lastModified": "2018-05-02T15:20:24.410", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-25T14:31:09.750", "references": [{"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93653"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037050"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}