CVE-2019-2692 — Type Confusion in Oracle Mysql Connector J

CWE-843 — Type Confusion7 documents7 sources

Severity

6.3MEDIUMNVD

EPSS

1.0%

top 22.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Mysql Connector J Oracle Corporation Mysql Connectors

Timeline

PublishedApr 23

Latest updateJul 1

Description

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base S…

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.3 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5oracle_corporation/mysql_connectors8.0.15 and prior

▶NVDoracle/mysql_connector_j8.0.15

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

Privilege escalation in mysql-connector-jav↗2020-07-01

▶

GHSA

Privilege escalation in mysql-connector-jav↗2020-07-01

▶

CVEList

CVE-2019-2692: Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J)↗2019-04-23

▶

💥Exploits & PoCs

Exploit-DB

XooGallery - Multiple SQL Injection↗2019-03-26

▶

📋Vendor Advisories

Red Hat

mysql-connector-java: privilege escalation in MySQL connector↗2019-04-23

▶

💬Community

Bugzilla

CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector↗2019-04-26

▶