CVE-2022-21363
mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
Una vulnerabilidad en el producto MySQL Connectors de Oracle MySQL (componente: Connector/J). Las versiones compatibles que están afectadas son 8.0.27 y anteriores. Una vulnerabilidad difícil de explotar permite a un atacante muy privilegiado con acceso a la red por medio de múltiples protocolos comprometer los Conectores de MySQL. Los ataques con éxito de esta vulnerabilidad pueden resultar en la toma de control de los Conectores MySQL. CVSS 3.1, Puntuación base 6.6 (impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2021-11-15 CVE Reserved
- 2022-01-19 CVE Published
- 2023-08-12 EPSS Updated
- 2024-09-24 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-280: Improper Handling of Insufficient Permissions or Privileges
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.oracle.com/security-alerts/cpujan2022.html | 2022-05-27 | |
https://access.redhat.com/security/cve/CVE-2022-21363 | 2022-10-05 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2047343 | 2022-10-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Mysql Connectors Search vendor "Oracle" for product "Mysql Connectors" | >= 8.0.0 <= 8.0.27 Search vendor "Oracle" for product "Mysql Connectors" and version " >= 8.0.0 <= 8.0.27" | - |
Affected
| ||||||
Quarkus Search vendor "Quarkus" | Quarkus Search vendor "Quarkus" for product "Quarkus" | < 2.7.0 Search vendor "Quarkus" for product "Quarkus" and version " < 2.7.0" | - |
Affected
|