Lucene search

K
nvd[email protected]NVD:CVE-2023-21971
HistoryApr 18, 2023 - 8:15 p.m.

CVE-2023-21971

2023-04-1820:15:16
web.nvd.nist.gov
10
mysql connectors
oracle
vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

EPSS

0.001

Percentile

38.6%

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).

Affected configurations

Nvd
Node
oraclecommunications_cloud_native_core_binding_support_functionMatch22.4.0
OR
oraclecommunications_cloud_native_core_binding_support_functionMatch23.1.0
OR
oraclecommunications_cloud_native_core_policyMatch22.4.0
OR
oraclecommunications_cloud_native_core_policyMatch23.1.0
OR
oraclemysql_connectorsRange8.0.08.0.32
Node
netappactive_iq_unified_managerMatch-linux
OR
netappactive_iq_unified_managerMatch-vmware_vsphere
OR
netappactive_iq_unified_managerMatch-windows
OR
netapponcommand_insightMatch-
OR
netappsnapcenterMatch-
VendorProductVersionCPE
oraclecommunications_cloud_native_core_binding_support_function22.4.0cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*
oraclecommunications_cloud_native_core_binding_support_function23.1.0cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*
oraclecommunications_cloud_native_core_policy22.4.0cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*
oraclecommunications_cloud_native_core_policy23.1.0cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*
oraclemysql_connectors*cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
netapponcommand_insight-cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
netappsnapcenter-cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

EPSS

0.001

Percentile

38.6%