CVE-2017-3523 – mysql:mysql-connector-java

Package

Manager: maven
Name: mysql:mysql-connector-java
Vulnerable Version: >=0 <5.1.41

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00592 pctl0.68285

Details

Improper Access Control in MySQL Connectors Java Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

Metadata

Created: 2022-05-13T01:45:34Z
Modified: 2022-07-01T17:12:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2xxh-f8r3-hvvr/GHSA-2xxh-f8r3-hvvr.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-2xxh-f8r3-hvvr
Finding: F039
Auto approve: 1