Описание
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Отчет
Re Hat Satellite does not support using mysql as a back end database, thus the mysql connector is not used in any Satellite installation. The package mariadb Java client is now available in Red Hat Software Collections. It can be installed this way:
This JDBC driver works fine with both, MariaDB and MySQL servers. We recommend use of mariadb-java-client over mysql-java-connector where possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | mysql-connector-java | Out of support scope | ||
| Red Hat Enterprise Linux 7 | mysql-connector-java | Will not fix | ||
| Red Hat JBoss Data Grid 7 | mysql-connector-java | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | mysql-connector-java | Out of support scope | ||
| Red Hat Mobile Application Platform 4 | mysql-connector-java | Out of support scope | ||
| Red Hat Single Sign-On 7 | mysql-connector-java | Not affected | ||
| Red Hat Fuse 7.3.1 | mysql-connector-java | Fixed | RHSA-2019:1545 | 18.06.2019 |
| Red Hat Satellite 6.8 for RHEL 7 | ansible-collection-redhat-satellite | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | ansiblerole-foreman_scap_client | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | ansiblerole-insights-client | Fixed | RHSA-2020:4366 | 27.10.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...
Improper Privilege Management in MySQL Connectors Java
Уязвимость подкомпонента Connector/J драйвера MySQL Connectors системы управления базами данных Oracle MySQL, позволяющая нарушителю получить несанкционированный доступ к защищаемым данным
EPSS
8.8 High
CVSS3