CVE-2019-2692
mysql-connector-java: privilege escalation in MySQL connector
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Vulnerabilidad en el componente MySQL Connectors de Oracle MySQL (subcomponente: Connector/J). Las versiones compatibles que se ven afectadas son 8.0.15 y anteriores. Vulnerabilidad difícil de operación que permite a un atacante muy privilegiado iniciar sesión en la infraestructura donde se ejecuta MySQL connectors y comprometer a MySQL Connectors. Los ataques con éxito requieren la interacción humana con otra persona distinta al atacante. Los ataques con éxito de esta vulnerabilidad pueden resultar en la apropiación de MySQL Connectors. CVSS 3.0 Puntuación Base 6.3 (impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:h/PR:h/UI:R/S:U/C:h/I:h/A.).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-14 CVE Reserved
- 2019-04-23 CVE Published
- 2024-04-16 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/107925 | Vdb Entry | |
| https://security.netapp.com/advisory/ntap-20190423-0002 | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | 2020-08-24 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2019-2692 | 2020-12-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1703402 | 2020-12-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Mysql Connector\/j Search vendor "Oracle" for product "Mysql Connector\/j" | <= 8.0.15 Search vendor "Oracle" for product "Mysql Connector\/j" and version " <= 8.0.15" | - |
Affected
| ||||||