CVE-2019-2435

CWE-284 — Improper Access Control9 documents6 sources

Severity

8.1HIGH

EPSS

2.7%

top 14.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Mysql Connectors Oracle Corporation Mysql Connectors Netapp Active IQ Unified Manager

Timeline

PublishedJan 16

Latest updateMay 13

Description

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to c…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages4 packages

▶NVDoracle/mysql_connectors2.1.0 — 2.1.8+1

▶CVEListV5oracle_corporation/mysql_connectors2.1.8 and prior, 8.0.13 and prior+1

▶PyPImysql-connector-python8.0.0 — 8.0.19+1

▶NVDnetapp/active_iq_unified_manager+1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

Improper Access Control in MySQL Connector Python↗2022-05-13

▶

OSV

Improper Access Control in MySQL Connector Python↗2022-05-13

▶

OSV

CVE-2019-2435: Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python)↗2019-01-16

▶

CVEList

CVE-2019-2435: Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python)↗2019-01-16

▶

📋Vendor Advisories

Debian

CVE-2019-2435: mysql-connector-python - Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: C...↗2019

▶

💬Community

Bugzilla

CVE-2019-2435 mysql-connector-python: unauthorized access to data↗2019-01-16

▶

Bugzilla

CVE-2019-2435 mysql-connector-python: unauthorized access to data [fedora-all]↗2019-01-16

▶

Bugzilla

CVE-2019-2435 mysql-connector-python: unauthorized access to data [epel-all]↗2019-01-16

▶