Search for vulnerabilities
Vulnerability details: VCID-s79t-sc1r-aaas
Vulnerability ID VCID-s79t-sc1r-aaas
Aliases CVE-2017-15365
Summary sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-284 Improper Access Control
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15365.html
rhas Moderate https://access.redhat.com/errata/RHSA-2019:1258
ssvc Track https://access.redhat.com/errata/RHSA-2019:1258
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15365.json
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00328 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00385 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00385 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00385 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00385 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
epss 0.01074 https://api.first.org/data/v1/epss?cve=CVE-2017-15365
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1524234
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10378
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15365
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2562
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2612
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2622
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2640
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2665
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2668
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2755
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2761
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2766
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2767
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2771
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2781
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2782
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2784
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2787
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2813
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2819
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3058
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3063
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3064
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3066
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3081
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3143
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3156
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3174
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3251
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3282
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2503
cvssv2 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.5 https://nvd.nist.gov/vuln/detail/CVE-2017-15365
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-15365
generic_textual Medium https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15365.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15365.json
https://api.first.org/data/v1/epss?cve=CVE-2017-15365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15365
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2668
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2766
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2771
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3064
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3282
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2503
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/
https://mariadb.com/kb/en/library/mariadb-10130-release-notes/
https://mariadb.com/kb/en/library/mariadb-10210-release-notes/
https://www.debian.org/security/2018/dsa-4341
https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/
https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
1524234 https://bugzilla.redhat.com/show_bug.cgi?id=1524234
884065 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884065
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*
CVE-2017-15365 https://nvd.nist.gov/vuln/detail/CVE-2017-15365
RHSA-2019:1258 https://access.redhat.com/errata/RHSA-2019:1258
No exploits are available.
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T15:42:56Z/ Found at https://access.redhat.com/errata/RHSA-2019:1258
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15365.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-15365
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-15365
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.52705
EPSS Score 0.00328
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.