CVE-2023-22102: Improper Access Control in Corporation MySQL Connectors

Severity: 8.3 HIGH (NVD)
EPSS: 3.5% (top 12.39%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 17
Latest update: Jan 15

Description

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successf

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 6.0

Affected Packages: 2 packages

Patches

Vulnerability Details (4)

GHSA: MySQL Connectors takeover vulnerability (2023-10-18)
OSV: MySQL Connectors takeover vulnerability (2023-10-18)
OSV: CVE-2023-22102: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J) (2023-10-17)
CVEList: CVE-2023-22102: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J) (2023-10-17)

Vendor Advisories (4)

Oracle: Oracle Oracle Communications Risk Matrix: Platform — CVE-2023-22102 (2024-01-15)
Red Hat: mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2023) (2023-10-17)
Oracle: Oracle Oracle MySQL Risk Matrix: Connector/J — CVE-2023-22102 (2023-10-15)
Microsoft: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthentic (2023-10-10)