CVE-2020-2934Oracle Mysql Connector J vulnerability

9 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 63.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Oracle Mysql Connector JOracle Corporation Weblogic ServerDebian Linux+2 more
Timeline
PublishedApr 15
Latest updateMay 24

Description

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to som

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.6 | Impact: 3.4

Affected Packages3 packages

NVDoracle/mysql_connector_j8.0.08.0.19+1
NVDoracle/weblogic_server4 versions+3
CVEListV5oracle_corporation/weblogic_server4 versions+3

Also affects: Debian Linux 8.0, 9.0, Fedora 32, 33

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-rhrf-w5v6-jgp3: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J)2022-05-24
OSV
CVE-2020-2934: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J)2020-04-15
CVEList
CVE-2020-2934: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J)2020-04-15

📋Vendor Advisories

3
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Datasource (MySQL Connector) — CVE-2020-29342022-01-15
Red Hat
mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete2020-04-15
Oracle
Oracle Oracle MySQL Risk Matrix: Connector/J — CVE-2020-29342020-04-15

💬Community

2
Bugzilla
CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delet2020-06-25
Bugzilla
CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delet2020-06-25
CVE-2020-2934 — Oracle Mysql Connector J vulnerability | cvebase