CVE-2022-21363 – mysql:mysql-connector-java

Package

Manager: maven
Name: mysql:mysql-connector-java
Vulnerable Version: >=0 <8.0.28

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00286 pctl0.51709

Details

Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

Metadata

Created: 2022-01-20T00:00:48Z
Modified: 2022-06-20T22:48:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-g76j-4cxx-23h9/GHSA-g76j-4cxx-23h9.json
CWE IDs: ["CWE-280"]
Alternative ID: GHSA-g76j-4cxx-23h9
Finding: F159
Auto approve: 1