Описание
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
A vulnerability was found in the MySQL Connectors product of Oracle MySQL (component: Connector/J). This issue may allow unauthenticated attackers with network access via multiple protocols to compromise MySQL Connectors. Successful attacks can result in a takeover of MySQL Connectors.
Отчет
This flaw has been rated as having a security impact of Moderate because it is difficult to exploit and requires user interaction. The package mariadb Java client is available in Red Hat Software Collections. It can be installed this way:
yum-config-manager --enable rhel-server-rhscl-7-rpms
yum install rh-mariadb105-mariadb-java-client
This JDBC driver works fine with both MariaDB and MySQL servers. We recommend use of mariadb-java-client over mysql-java-connector where possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Clients 2 | mysql-connector-java | Not affected | ||
| Red Hat build of Apache Camel 4 for Quarkus 3 | mysql-connector-java | Not affected | ||
| Red Hat build of Debezium 1 | mysql-connector-java | Affected | ||
| Red Hat Build of Keycloak | mysql-connector-java | Not affected | ||
| Red Hat build of Quarkus | mysql/mysql-connector-java | Will not fix | ||
| Red Hat Data Grid 8 | mysql-connector-java | Not affected | ||
| Red Hat Decision Manager 7 | mysql-connector-java | Will not fix | ||
| Red Hat Enterprise Linux 6 | mysql-connector-java | Out of support scope | ||
| Red Hat Enterprise Linux 7 | mysql-connector-java | Out of support scope | ||
| Red Hat Fuse 7 | mysql-connector-java | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
8.3 High
CVSS3
Связанные уязвимости
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...
Уязвимость компонента Connector/J драйвера MySQL Connectors системы управления базами данных Oracle MySQL, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
EPSS
8.3 High
CVSS3