CVE-2023-21980Improper Access Control in Oracle Mysql

CWE-284Improper Access Control10 documents9 sources
Severity
7.1HIGHNVD
EPSS
0.4%
top 40.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle MysqlOracle Corporation Mysql Server
Timeline
PublishedApr 18
Latest updateMay 8

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confi

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5oracle_corporation/mysql_server5.7.41 and prior, 8.0.32 and prior+1
NVDoracle/mysql5.0.05.7.41+1

🔴Vulnerability Details

3
CVEList
CVE-2023-21980: Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs)2023-04-18
OSV
CVE-2023-21980: Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs)2023-04-18
GHSA
GHSA-3x7j-9p25-v8r6: Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs)2023-04-18

📋Vendor Advisories

6
Ubuntu
MySQL vulnerabilities2023-05-08
Ubuntu
MySQL vulnerabilities2023-05-08
Red Hat
mysql: Client programs unspecified vulnerability (CPU Apr 2023)2023-04-18
Oracle
Oracle Oracle MySQL Risk Matrix: Client programs — CVE-2023-219802023-04-15
Microsoft
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerabi2023-04-11
CVE-2023-21980 — Improper Access Control in Oracle | cvebase