CVE-2019-2920 — Incorrect Authorization in Oracle Mysql
Severity
5.3MEDIUMNVD
EPSS
2.3%
top 15.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 16
Latest updateMay 24
Description
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.3 (Availability imp…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4
Affected Packages2 packages
Also affects: Ubuntu Linux 16.04, 18.04, 19.04, 19.10
Patches
🔴Vulnerability Details
2📋Vendor Advisories
2💬Community
10Bugzilla▶
CVE-2019-2920 mysql-connector-odbc: mysql: Connector: unauthenticated attacker can via multiple protocols compromise MySQL Connectors leading to a partial DoS [fedora-all]↗2019-11-20
Bugzilla▶
CVE-2019-2920 mariadb: mysql: Connector: unauthenticated attacker can via multiple protocols compromise MySQL Connectors leading to a partial DoS [fedora-all]↗2019-11-19
Bugzilla▶
CVE-2019-2920 mariadb:10.1/mariadb: mysql: Connector: unauthenticated attacker can via multiple protocols compromise MySQL Connectors leading to a partial DoS [fedora-29]↗2019-11-19
Bugzilla▶
CVE-2019-2920 mysql:5.6/community-mysql: mysql: Connector: unauthenticated attacker can via multiple protocols compromise MySQL Connectors leading to a partial DoS [fedora-30]↗2019-11-19
Bugzilla▶
CVE-2019-2920 mariadb:10.4/mariadb: mysql: Connector: unauthenticated attacker can via multiple protocols compromise MySQL Connectors leading to a partial DoS [fedora-all]↗2019-11-19