CVE-2018-3258 – mysql:mysql-connector-java

Package

Manager: maven
Name: mysql:mysql-connector-java
Vulnerable Version: >=0 <8.0.13

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.0449 pctl0.88682

Details

Improper Privilege Management in MySQL Connectors Java Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Metadata

Created: 2022-05-13T01:52:26Z
Modified: 2022-06-28T23:45:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4vrv-ch96-6h42/GHSA-4vrv-ch96-6h42.json
CWE IDs: ["CWE-269"]
Alternative ID: GHSA-4vrv-ch96-6h42
Finding: F159
Auto approve: 1