An update that fixes three vulnerabilities is now available.
Description:
This update for mysql-connector-java fixes the following issues:
- CVE-2020-2875: Unauthenticated attacker with network access via multiple
protocols can compromise MySQL Connectors. (bsc#1173600)
- CVE-2020-2934: Fixed a vulnerability which could cause a partial denial
of service of MySQL Connectors. (bsc#1173600)
- CVE-2020-2933: Fixed a vulnerability which could allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Connectors. (bsc#1173600)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1126=1
{"id": "OPENSUSE-SU-2021:1126-1", "vendorId": null, "type": "suse", "bulletinFamily": "unix", "title": "Security update for mysql-connector-java (moderate)", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for mysql-connector-java fixes the following issues:\n\n - CVE-2020-2875: Unauthenticated attacker with network access via multiple\n protocols can compromise MySQL Connectors. (bsc#1173600)\n - CVE-2020-2934: Fixed a vulnerability which could cause a partial denial\n of service of MySQL Connectors. (bsc#1173600)\n - CVE-2020-2933: Fixed a vulnerability which could allows high privileged\n attacker with network access via multiple protocols to compromise MySQL\n Connectors. (bsc#1173600)\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1126=1", "published": "2021-08-10T00:00:00", "modified": "2021-08-10T00:00:00", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 5.1}, "severity": "MEDIUM", "exploitabilityScore": 4.9, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.6, "impactScore": 3.4}, "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WS25DT4QDBVK3PBC74G4JTBWADK62LTQ/", "reporter": "Suse", "references": [], "cvelist": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "immutableFields": [], "lastseen": "2022-04-18T12:40:10", "viewCount": 26, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2245-1:59DF3", "DEBIAN:DSA-4703-1:2A1EC"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-2875", "DEBIANCVE:CVE-2020-2933", "DEBIANCVE:CVE-2020-2934"]}, {"type": "fedora", "idList": ["FEDORA:9EC7430C2F41", "FEDORA:D0BCD309C1C9"]}, {"type": "freebsd", "idList": ["622B5C47-855B-11EA-A5E2-D4C9EF517024"]}, {"type": "gentoo", "idList": ["GLSA-202105-27"]}, {"type": "ibm", "idList": ["A1A0398B401BEF610025984C15ACCDF1EDCBAE78A78A09063FD3B2A4DE512BFD"]}, {"type": "mageia", "idList": ["MGASA-2020-0369"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2245.NASL", "DEBIAN_DSA-4703.NASL", "FEDORA_2020-747EC39700.NASL", "FREEBSD_PKG_622B5C47855B11EAA5E2D4C9EF517024.NASL", "GENTOO_GLSA-202105-27.NASL", "OPENSUSE-2021-1126.NASL", "OPENSUSE-2021-2622.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_APR_2020.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JAN_2022.NASL", "SUSE_SU-2021-2877-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704703", "OPENVAS:1361412562310892245"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2020", "ORACLE:CPUJAN2022"]}, {"type": "osv", "idList": ["OSV:DLA-2245-1", "OSV:DSA-4703-1"]}, {"type": "redhat", "idList": ["RHSA-2020:4960", "RHSA-2020:4961", "RHSA-2021:5134"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-2875", "RH:CVE-2020-2933", "RH:CVE-2020-2934"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:2622-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-2875", "UB:CVE-2020-2933", "UB:CVE-2020-2934"]}, {"type": "veracode", "idList": ["VERACODE:26741"]}]}, "score": {"value": 3.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2245-1:59DF3", "DEBIAN:DSA-4703-1:2A1EC"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-2875", "DEBIANCVE:CVE-2020-2933", "DEBIANCVE:CVE-2020-2934"]}, {"type": "fedora", "idList": ["FEDORA:9EC7430C2F41", "FEDORA:D0BCD309C1C9"]}, {"type": "freebsd", "idList": ["622B5C47-855B-11EA-A5E2-D4C9EF517024"]}, {"type": "gentoo", "idList": ["GLSA-202105-27"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_622B5C47855B11EAA5E2D4C9EF517024.NASL", "OPENSUSE-2021-2622.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_APR_2020.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704703", "OPENVAS:1361412562310892245"]}, {"type": "redhat", "idList": ["RHSA-2020:4961"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-2875", "RH:CVE-2020-2933", "RH:CVE-2020-2934"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:2622-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-2933"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2020-2875", "epss": "0.000880000", "percentile": "0.359260000", "modified": "2023-03-17"}, {"cve": "CVE-2020-2933", "epss": "0.001550000", "percentile": "0.501480000", "modified": "2023-03-17"}, {"cve": "CVE-2020-2934", "epss": "0.002540000", "percentile": "0.614310000", "modified": "2023-03-17"}], "vulnersScore": 3.2}, "_state": {"dependencies": 1659998956, "score": 1659911720, "epss": 1679107841}, "_internal": {"score_hash": "f7e0fb3ed339d1c9c234fe4fd8548aa6"}, "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "noarch", "operator": "lt", "packageVersion": "- openSUSE Leap 15.2 (noarch):", "packageFilename": "- openSUSE Leap 15.2 (noarch):.noarch.rpm", "packageName": ""}]}
{"fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "MySQL Connector/J is a native Java driver that converts JDBC (Java Database Connectivity) calls into the network protocol used by the MySQL database. It lets developers working with the Java programming language easily build programs and applets that interact with MySQL and connect all corporate data, even in a heterogeneous environment. MySQL Connector/J is a Type IV JDBC driver and has a complete JDBC feature set that supports the capabilities of MySQL. ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 5.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.4}, "published": "2020-09-03T16:40:47", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: mysql-connector-java-8.0.21-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2020-09-03T16:40:47", "id": "FEDORA:D0BCD309C1C9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "MySQL Connector/J is a native Java driver that converts JDBC (Java Database Connectivity) calls into the network protocol used by the MySQL database. It lets developers working with the Java programming language easily build programs and applets that interact with MySQL and connect all corporate data, even in a heterogeneous environment. MySQL Connector/J is a Type IV JDBC driver and has a complete JDBC feature set that supports the capabilities of MySQL. ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 5.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.4}, "published": "2020-09-25T17:06:39", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: mysql-connector-java-8.0.21-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2020-09-25T17:06:39", "id": "FEDORA:9EC7430C2F41", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-11T14:54:05", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2622-1 advisory.\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.\n Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). (CVE-2020-2875)\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2933)\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.\n Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). (CVE-2020-2934)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2021-08-06T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : mysql-connector-java (openSUSE-SU-2021:2622-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2021-08-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mysql-connector-java", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-2622.NASL", "href": "https://www.tenable.com/plugins/nessus/152255", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2622-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152255);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/06\");\n\n script_cve_id(\"CVE-2020-2875\", \"CVE-2020-2933\", \"CVE-2020-2934\");\n script_xref(name:\"IAVA\", value:\"2020-A-0153\");\n\n script_name(english:\"openSUSE 15 Security Update : mysql-connector-java (openSUSE-SU-2021:2622-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2622-1 advisory.\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions\n that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.\n Successful attacks require human interaction from a person other than the attacker and while the\n vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful\n attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL\n Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible\n data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). (CVE-2020-2875)\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions\n that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2933)\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions\n that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.\n Successful attacks require human interaction from a person other than the attacker. Successful attacks of\n this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors\n accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and\n unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base\n Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). (CVE-2020-2934)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173600\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KHHGZ3MEHVZT3NYQIEG5WTISHLXRLW3D/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?57cd638d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-2875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-2933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-2934\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mysql-connector-java package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2934\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'mysql-connector-java-5.1.47-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mysql-connector-java');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:53:34", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1126-1 advisory.\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.\n Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). (CVE-2020-2875)\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2933)\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.\n Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). (CVE-2020-2934)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2021-08-11T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : mysql-connector-java (openSUSE-SU-2021:1126-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2021-08-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:mysql-connector-java", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1126.NASL", "href": "https://www.tenable.com/plugins/nessus/152456", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1126-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152456);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/11\");\n\n script_cve_id(\"CVE-2020-2875\", \"CVE-2020-2933\", \"CVE-2020-2934\");\n script_xref(name:\"IAVA\", value:\"2020-A-0153\");\n\n script_name(english:\"openSUSE 15 Security Update : mysql-connector-java (openSUSE-SU-2021:1126-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1126-1 advisory.\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions\n that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.\n Successful attacks require human interaction from a person other than the attacker and while the\n vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful\n attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL\n Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible\n data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). (CVE-2020-2875)\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions\n that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2933)\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions\n that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.\n Successful attacks require human interaction from a person other than the attacker. Successful attacks of\n this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors\n accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and\n unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base\n Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). (CVE-2020-2934)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173600\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WS25DT4QDBVK3PBC74G4JTBWADK62LTQ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2de7fb02\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-2875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-2933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-2934\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mysql-connector-java package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2934\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'mysql-connector-java-5.1.47-lp152.2.3.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mysql-connector-java');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-24T14:28:08", "description": "Rebased to version 8.0.21\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2020-09-04T00:00:00", "type": "nessus", "title": "Fedora 32 : 1:mysql-connector-java (2020-747ec39700)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2020-09-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:mysql-connector-java", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2020-747EC39700.NASL", "href": "https://www.tenable.com/plugins/nessus/140230", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-747ec39700.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140230);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/08\");\n\n script_cve_id(\"CVE-2020-2875\", \"CVE-2020-2933\", \"CVE-2020-2934\");\n script_xref(name:\"FEDORA\", value:\"2020-747ec39700\");\n\n script_name(english:\"Fedora 32 : 1:mysql-connector-java (2020-747ec39700)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Rebased to version 8.0.21\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-747ec39700\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:mysql-connector-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"mysql-connector-java-8.0.21-1.fc32\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:mysql-connector-java\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:09:46", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by the following vulnerabilities as referenced in the April 2020 CPU advisory:\n\n - A vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. This is a difficult to exploit vulnerability that allows an unauthenticated attacker, remote attacker via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks involving this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. (CVE-2020-2875) \n\n - A vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. This is a difficult to exploit vulnerability that allows a high privileged, remote attacker via multiple protocols to compromise MySQL Connectors. Successful attacks involving this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. (CVE-2020-2933)\n\n - A vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. This is a difficult to exploit vulnerability allows an unauthenticated, remote attacker via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks involving this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. (CVE-2020-2934)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2020-04-15T00:00:00", "type": "nessus", "title": "Oracle MySQL Connectors (Apr 2020 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:mysql_connectors"], "id": "ORACLE_MYSQL_CONNECTORS_CPU_APR_2020.NASL", "href": "https://www.tenable.com/plugins/nessus/135588", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135588);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2020-2875\", \"CVE-2020-2933\", \"CVE-2020-2934\");\n script_xref(name:\"IAVA\", value:\"2020-A-0143\");\n\n script_name(english:\"Oracle MySQL Connectors (Apr 2020 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nthe following vulnerabilities as referenced in the April 2020 CPU advisory:\n\n - A vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported\n versions that are affected are 8.0.14 and prior and 5.1.48 and prior. This is a difficult to exploit\n vulnerability that allows an unauthenticated attacker, remote attacker via multiple protocols to\n compromise MySQL Connectors. Successful attacks require human interaction from a person other than the\n attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional\n products. Successful attacks involving this vulnerability can result in unauthorized update, insert or\n delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset\n of MySQL Connectors accessible data. (CVE-2020-2875) \n\n - A vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported\n versions that are affected are 5.1.48 and prior. This is a difficult to exploit vulnerability that allows\n a high privileged, remote attacker via multiple protocols to compromise MySQL Connectors. Successful\n attacks involving this vulnerability can result in unauthorized ability to cause a partial denial of\n service (partial DOS) of MySQL Connectors. (CVE-2020-2933)\n\n - A vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported\n versions that are affected are 8.0.19 and prior and 5.1.48 and prior. This is a difficult to exploit\n vulnerability allows an unauthenticated, remote attacker via multiple protocols to compromise MySQL\n Connectors. Successful attacks require human interaction from a person other than the attacker. Successful\n attacks involving this vulnerability can result in unauthorized update, insert or delete access to some of\n MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors\n accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL\n Connectors. (CVE-2020-2934)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2020.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2020 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2934\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql_connectors\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_connectors_version_nix.nbin\", \"mysql_connectors_version_win.nbin\");\n script_require_keys(\"installed_sw/MySQL Connector\");\n\n exit(0);\n}\ninclude('vcf.inc');\n\napp_info = vcf::get_app_info(app:'MySQL Connector');\nproduct = tolower(app_info['Product']);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nif ('java' >< product)\n constraints = [\n {'min_version': '5.1.0', 'fixed_version': '5.1.49'},\n {'min_version': '8.0.0', 'fixed_version': '8.0.20'}\n ];\nelse\n audit(AUDIT_PACKAGE_NOT_AFFECTED, product);\n\nvcf::check_version_and_report(app_info: app_info, constraints: constraints, severity: SECURITY_WARNING);\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:14:07", "description": "Several issues were discovered in mysql-connector-java, a Java database (JDBC) driver for MySQL, that allow attackers to update, insert or delete access to some of MySQL Connectors accessible data, unauthorized read access to a subset of the data, and partial denial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 5.1.49-0+deb8u1.\n\nWe recommend that you upgrade your mysql-connector-java packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2020-06-12T00:00:00", "type": "nessus", "title": "Debian DLA-2245-1 : mysql-connector-java security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libmysql-java", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2245.NASL", "href": "https://www.tenable.com/plugins/nessus/137372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2245-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137372);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-2875\", \"CVE-2020-2933\", \"CVE-2020-2934\");\n\n script_name(english:\"Debian DLA-2245-1 : mysql-connector-java security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several issues were discovered in mysql-connector-java, a Java\ndatabase (JDBC) driver for MySQL, that allow attackers to update,\ninsert or delete access to some of MySQL Connectors accessible data,\nunauthorized read access to a subset of the data, and partial denial\nof service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n5.1.49-0+deb8u1.\n\nWe recommend that you upgrade your mysql-connector-java packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/mysql-connector-java\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected libmysql-java package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmysql-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libmysql-java\", reference:\"5.1.49-0+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:14:53", "description": "Three vulnerabilities have been found in the MySQL Connector/J JDBC driver.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2020-06-12T00:00:00", "type": "nessus", "title": "Debian DSA-4703-1 : mysql-connector-java - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2020-06-18T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mysql-connector-java", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4703.NASL", "href": "https://www.tenable.com/plugins/nessus/137376", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4703. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137376);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/18\");\n\n script_cve_id(\"CVE-2020-2875\", \"CVE-2020-2933\", \"CVE-2020-2934\");\n script_xref(name:\"DSA\", value:\"4703\");\n\n script_name(english:\"Debian DSA-4703-1 : mysql-connector-java - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Three vulnerabilities have been found in the MySQL Connector/J JDBC\ndriver.\"\n );\n # https://security-tracker.debian.org/tracker/source-package/mysql-connector-java\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd33382a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/mysql-connector-java\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4703\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the mysql-connector-java packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 5.1.49-0+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libmysql-java\", reference:\"5.1.49-0+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:54:32", "description": "The remote SUSE Linux SLED12 / SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2877-1 advisory.\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.\n Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). (CVE-2020-2875)\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2933)\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.\n Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). (CVE-2020-2934)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2021-08-31T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : mysql-connector-java (SUSE-SU-2021:2877-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2021-08-31T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:mysql-connector-java", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-2877-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152921", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2877-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152921);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/31\");\n\n script_cve_id(\"CVE-2020-2875\", \"CVE-2020-2933\", \"CVE-2020-2934\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2877-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0153\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : mysql-connector-java (SUSE-SU-2021:2877-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2877-1 advisory.\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions\n that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.\n Successful attacks require human interaction from a person other than the attacker and while the\n vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful\n attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL\n Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible\n data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). (CVE-2020-2875)\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions\n that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2933)\n\n - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions\n that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.\n Successful attacks require human interaction from a person other than the attacker. Successful attacks of\n this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors\n accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and\n unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base\n Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). (CVE-2020-2934)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173600\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-August/009371.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d275fe25\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-2875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-2933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-2934\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mysql-connector-java package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2934\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'mysql-connector-java-5.1.42-5.7.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'mysql-connector-java-5.1.42-5.7.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mysql-connector-java');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:33:33", "description": "Oracle reports :\n\nThis Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-24T00:00:00", "type": "nessus", "title": "FreeBSD : MySQL Client -- Multiple vulerabilities (622b5c47-855b-11ea-a5e2-d4c9ef517024)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2752", "CVE-2020-2875", "CVE-2020-2922", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2020-05-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:mysql-connector-c", "p-cpe:/a:freebsd:freebsd:mysql-connector-c%2b%2b", "p-cpe:/a:freebsd:freebsd:mysql-connector-java", "p-cpe:/a:freebsd:freebsd:mysql56-client", "p-cpe:/a:freebsd:freebsd:mysql57-client", "p-cpe:/a:freebsd:freebsd:mysql80-client", "p-cpe:/a:freebsd:freebsd:percona55-client", "p-cpe:/a:freebsd:freebsd:percona56-client", "p-cpe:/a:freebsd:freebsd:percona57-client", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_622B5C47855B11EAA5E2D4C9EF517024.NASL", "href": "https://www.tenable.com/plugins/nessus/135942", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135942);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/06\");\n\n script_cve_id(\"CVE-2020-2752\", \"CVE-2020-2875\", \"CVE-2020-2922\", \"CVE-2020-2933\", \"CVE-2020-2934\");\n script_xref(name:\"IAVA\", value:\"2020-A-0143\");\n\n script_name(english:\"FreeBSD : MySQL Client -- Multiple vulerabilities (622b5c47-855b-11ea-a5e2-d4c9ef517024)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Oracle reports :\n\nThis Critical Patch Update contains 45 new security patches for Oracle\nMySQL. 9 of these vulnerabilities may be remotely exploitable without\nauthentication, i.e., may be exploited over a network without\nrequiring user credentials.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/security-alerts/cpujan2020.html\"\n );\n # https://vuxml.freebsd.org/freebsd/622b5c47-855b-11ea-a5e2-d4c9ef517024.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6b429f05\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2934\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql-connector-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql-connector-c++\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql-connector-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql56-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql57-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mysql80-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona55-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona56-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:percona57-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"mysql56-client<5.6.48\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql57-client<5.7.30\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql80-client<8.0.20\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-connector-c<8.0.20\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-connector-c++<8.0.20\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mysql-connector-java<8.0.20\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona55-client<5.5.68\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona56-client<5.6.48\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"percona57-client<5.7.30\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-10T19:16:10", "description": "The 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2022 CPU advisory.\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).\n Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. (CVE-2022-21306)\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.\n Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). (CVE-2022-21371)\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples).\n Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.\n Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. (CVE-2022-21292)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-26T00:00:00", "type": "nessus", "title": "Oracle WebLogic Server (Jan 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1324", "CVE-2019-10219", "CVE-2020-11023", "CVE-2020-13956", "CVE-2020-2934", "CVE-2020-5258", "CVE-2021-27568", "CVE-2021-29425", "CVE-2021-4104", "CVE-2021-44832", "CVE-2022-21252", "CVE-2022-21257", "CVE-2022-21258", "CVE-2022-21259", "CVE-2022-21260", "CVE-2022-21261", "CVE-2022-21262", "CVE-2022-21292", "CVE-2022-21306", "CVE-2022-21347", "CVE-2022-21350", "CVE-2022-21353", "CVE-2022-21361", "CVE-2022-21371", "CVE-2022-21386"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:oracle:fusion_middleware", "cpe:/a:oracle:weblogic_server"], "id": "ORACLE_WEBLOGIC_SERVER_CPU_JAN_2022.NASL", "href": "https://www.tenable.com/plugins/nessus/157127", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157127);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-1324\",\n \"CVE-2019-10219\",\n \"CVE-2020-2934\",\n \"CVE-2020-5258\",\n \"CVE-2020-11023\",\n \"CVE-2020-13956\",\n \"CVE-2021-4104\",\n \"CVE-2021-27568\",\n \"CVE-2021-29425\",\n \"CVE-2021-44832\",\n \"CVE-2022-21252\",\n \"CVE-2022-21257\",\n \"CVE-2022-21258\",\n \"CVE-2022-21259\",\n \"CVE-2022-21260\",\n \"CVE-2022-21261\",\n \"CVE-2022-21262\",\n \"CVE-2022-21292\",\n \"CVE-2022-21306\",\n \"CVE-2022-21347\",\n \"CVE-2022-21350\",\n \"CVE-2022-21353\",\n \"CVE-2022-21361\",\n \"CVE-2022-21371\",\n \"CVE-2022-21386\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0029\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle WebLogic Server (Jan 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are\naffected by multiple vulnerabilities as referenced in the January 2022 CPU advisory.\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).\n Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily\n exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle\n WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic\n Server. (CVE-2022-21306)\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web\n Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.\n Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to\n compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized\n access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base\n Score 7.5 (Confidentiality impacts). (CVE-2022-21371)\n\n - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples).\n Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.\n Successful attacks of this vulnerability can result in unauthorized access to critical data or complete\n access to all Oracle WebLogic Server accessible data. (CVE-2022-21292)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpujan2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujan2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2022 Oracle Critical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-44832\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:weblogic_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_weblogic_server_installed.nbin\", \"os_fingerprint.nasl\");\n script_require_keys(\"installed_sw/Oracle WebLogic Server\");\n\n exit(0);\n}\n\ninclude('vcf_extras_oracle.inc');\n\nvar app_info = vcf::oracle_weblogic::get_app_info();\n\nvar constraints = [\n {'min_version' : '14.1.1.0', 'fixed_version' : '14.1.1.0.220105', 'fixed_display' : '33727619 or 33751244'},\n {'min_version' : '12.2.1.4', 'fixed_version' : '12.2.1.4.220105', 'fixed_display' : '33751264 or 33727616'},\n {'min_version' : '12.2.1.3', 'fixed_version' : '12.2.1.3.211222', 'fixed_display' : '33699205 or 33751288'},\n {'min_version' : '12.1.3.0', 'fixed_version' : '12.1.3.0.220118', 'fixed_display' : '33494824 or later'}\n];\n\nvcf::oracle_weblogic::check_version_and_report(app_info:app_info, severity:SECURITY_HOLE, constraints:constraints);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T18:59:57", "description": "The remote host is affected by the vulnerability described in GLSA-202105-27 (MySQL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details.\n Impact :\n\n An attacker could possibly execute arbitrary code with the privileges of the process, escalate privileges, gain access to critical data or complete access to all MySQL server accessible data, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-24T00:00:00", "type": "nessus", "title": "GLSA-202105-27 : MySQL: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.7, "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2938", "CVE-2019-2974", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14564", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14591", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14626", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14672", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14760", "CVE-2020-14765", "CVE-2020-14769", "CVE-2020-14771", "CVE-2020-14773", "CVE-2020-14775", "CVE-2020-14776", "CVE-2020-14777", "CVE-2020-14785", "CVE-2020-14786", "CVE-2020-14789", "CVE-2020-14790", "CVE-2020-14791", "CVE-2020-14793", "CVE-2020-14794", "CVE-2020-14799", "CVE-2020-14800", "CVE-2020-14804", "CVE-2020-14809", "CVE-2020-14812", "CVE-2020-14814", "CVE-2020-14821", "CVE-2020-14827", "CVE-2020-14828", "CVE-2020-14829", "CVE-2020-14830", "CVE-2020-14836", "CVE-2020-14837", "CVE-2020-14838", "CVE-2020-14839", "CVE-2020-14844", "CVE-2020-14845", "CVE-2020-14846", "CVE-2020-14848", "CVE-2020-14852", "CVE-2020-14853", "CVE-2020-14860", "CVE-2020-14861", "CVE-2020-14866", "CVE-2020-14867", "CVE-2020-14868", "CVE-2020-14869", "CVE-2020-14870", "CVE-2020-14873", "CVE-2020-14878", "CVE-2020-14888", "CVE-2020-14891", "CVE-2020-14893", "CVE-2020-2570", "CVE-2020-2572", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2768", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2790", "CVE-2020-2804", "CVE-2020-2806", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2875", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2020-2933", "CVE-2020-2934", "CVE-2021-1998", "CVE-2021-2001", "CVE-2021-2002", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2010", "CVE-2021-2011", "CVE-2021-2012", "CVE-2021-2014", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2021", "CVE-2021-2022", "CVE-2021-2024", "CVE-2021-2028", "CVE-2021-2030", "CVE-2021-2031", "CVE-2021-2032", "CVE-2021-2036", "CVE-2021-2038", "CVE-2021-2042", "CVE-2021-2046", "CVE-2021-2048", "CVE-2021-2055", "CVE-2021-2056", "CVE-2021-2058", "CVE-2021-2060", "CVE-2021-2061", "CVE-2021-2065", "CVE-2021-2070", "CVE-2021-2072", "CVE-2021-2076", "CVE-2021-2081", "CVE-2021-2087", "CVE-2021-2088", "CVE-2021-2122", "CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2180"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mysql", "p-cpe:/a:gentoo:linux:mysql-connector-c", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202105-27.NASL", "href": "https://www.tenable.com/plugins/nessus/156994", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202105-27.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(156994);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2019-2938\", \"CVE-2019-2974\", \"CVE-2020-14539\", \"CVE-2020-14540\", \"CVE-2020-14547\", \"CVE-2020-14550\", \"CVE-2020-14553\", \"CVE-2020-14559\", \"CVE-2020-14564\", \"CVE-2020-14567\", \"CVE-2020-14568\", \"CVE-2020-14575\", \"CVE-2020-14576\", \"CVE-2020-14586\", \"CVE-2020-14591\", \"CVE-2020-14597\", \"CVE-2020-14614\", \"CVE-2020-14619\", \"CVE-2020-14620\", \"CVE-2020-14623\", \"CVE-2020-14624\", \"CVE-2020-14626\", \"CVE-2020-14631\", \"CVE-2020-14632\", \"CVE-2020-14633\", \"CVE-2020-14634\", \"CVE-2020-14641\", \"CVE-2020-14643\", \"CVE-2020-14651\", \"CVE-2020-14654\", \"CVE-2020-14656\", \"CVE-2020-14663\", \"CVE-2020-14672\", \"CVE-2020-14678\", \"CVE-2020-14680\", \"CVE-2020-14697\", \"CVE-2020-14702\", \"CVE-2020-14725\", \"CVE-2020-14760\", \"CVE-2020-14765\", \"CVE-2020-14769\", \"CVE-2020-14771\", \"CVE-2020-14773\", \"CVE-2020-14775\", \"CVE-2020-14776\", \"CVE-2020-14777\", \"CVE-2020-14785\", \"CVE-2020-14786\", \"CVE-2020-14789\", \"CVE-2020-14790\", \"CVE-2020-14791\", \"CVE-2020-14793\", \"CVE-2020-14794\", \"CVE-2020-14799\", \"CVE-2020-14800\", \"CVE-2020-14804\", \"CVE-2020-14809\", \"CVE-2020-14812\", \"CVE-2020-14814\", \"CVE-2020-14821\", \"CVE-2020-14827\", \"CVE-2020-14828\", \"CVE-2020-14829\", \"CVE-2020-14830\", \"CVE-2020-14836\", \"CVE-2020-14837\", \"CVE-2020-14838\", \"CVE-2020-14839\", \"CVE-2020-14844\", \"CVE-2020-14845\", \"CVE-2020-14846\", \"CVE-2020-14848\", \"CVE-2020-14852\", \"CVE-2020-14853\", \"CVE-2020-14860\", \"CVE-2020-14861\", \"CVE-2020-14866\", \"CVE-2020-14867\", \"CVE-2020-14868\", \"CVE-2020-14869\", \"CVE-2020-14870\", \"CVE-2020-14873\", \"CVE-2020-14878\", \"CVE-2020-14888\", \"CVE-2020-14891\", \"CVE-2020-14893\", \"CVE-2020-2570\", \"CVE-2020-2572\", \"CVE-2020-2573\", \"CVE-2020-2574\", \"CVE-2020-2577\", \"CVE-2020-2579\", \"CVE-2020-2580\", \"CVE-2020-2584\", \"CVE-2020-2588\", \"CVE-2020-2589\", \"CVE-2020-2627\", \"CVE-2020-2660\", \"CVE-2020-2679\", \"CVE-2020-2686\", \"CVE-2020-2694\", \"CVE-2020-2752\", \"CVE-2020-2759\", \"CVE-2020-2760\", \"CVE-2020-2761\", \"CVE-2020-2762\", \"CVE-2020-2763\", \"CVE-2020-2765\", \"CVE-2020-2768\", \"CVE-2020-2770\", \"CVE-2020-2774\", \"CVE-2020-2779\", \"CVE-2020-2780\", \"CVE-2020-2790\", \"CVE-2020-2804\", \"CVE-2020-2806\", \"CVE-2020-2812\", \"CVE-2020-2814\", \"CVE-2020-2853\", \"CVE-2020-2875\", \"CVE-2020-2892\", \"CVE-2020-2893\", \"CVE-2020-2895\", \"CVE-2020-2896\", \"CVE-2020-2897\", \"CVE-2020-2898\", \"CVE-2020-2901\", \"CVE-2020-2903\", \"CVE-2020-2904\", \"CVE-2020-2921\", \"CVE-2020-2922\", \"CVE-2020-2923\", \"CVE-2020-2924\", \"CVE-2020-2925\", \"CVE-2020-2926\", \"CVE-2020-2928\", \"CVE-2020-2930\", \"CVE-2020-2933\", \"CVE-2020-2934\", \"CVE-2021-1998\", \"CVE-2021-2001\", \"CVE-2021-2002\", \"CVE-2021-2006\", \"CVE-2021-2007\", \"CVE-2021-2009\", \"CVE-2021-2010\", \"CVE-2021-2011\", \"CVE-2021-2012\", \"CVE-2021-2014\", \"CVE-2021-2016\", \"CVE-2021-2019\", \"CVE-2021-2020\", \"CVE-2021-2021\", \"CVE-2021-2022\", \"CVE-2021-2024\", \"CVE-2021-2028\", \"CVE-2021-2030\", \"CVE-2021-2031\", \"CVE-2021-2032\", \"CVE-2021-2036\", \"CVE-2021-2038\", \"CVE-2021-2042\", \"CVE-2021-2046\", \"CVE-2021-2048\", \"CVE-2021-2055\", \"CVE-2021-2056\", \"CVE-2021-2058\", \"CVE-2021-2060\", \"CVE-2021-2061\", \"CVE-2021-2065\", \"CVE-2021-2070\", \"CVE-2021-2072\", \"CVE-2021-2076\", \"CVE-2021-2081\", \"CVE-2021-2087\", \"CVE-2021-2088\", \"CVE-2021-2122\", \"CVE-2021-2154\", \"CVE-2021-2166\", \"CVE-2021-2180\");\n script_xref(name:\"GLSA\", value:\"202105-27\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0004\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"GLSA-202105-27 : MySQL: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202105-27\n(MySQL: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in MySQL. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n An attacker could possibly execute arbitrary code with the privileges of\n the process, escalate privileges, gain access to critical data or\n complete access to all MySQL server accessible data, or cause a Denial of\n Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202105-27\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All MySQL users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-5.7.34'\n All mysql users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/mysql-8.0.24'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14878\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mysql-connector-c\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/mysql\", unaffected:make_list(\"ge 5.7.34\", \"ge 8.0.24\"), vulnerable:make_list(\"lt 8.0.24\"))) flag++;\nif (qpkg_check(package:\"dev-db/mysql-connector-c\", unaffected:make_list(\"ge 8.0.24\"), vulnerable:make_list(\"lt 8.0.24\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MySQL\");\n}\n", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2022-04-18T12:40:10", "description": "An update that fixes three vulnerabilities is now available.\n\nDescription:\n\n This update for mysql-connector-java fixes the following issues:\n\n - CVE-2020-2875: Unauthenticated attacker with network access via multiple\n protocols can compromise MySQL Connectors. (bsc#1173600)\n - CVE-2020-2934: Fixed a vulnerability which could cause a partial denial\n of service of MySQL Connectors. (bsc#1173600)\n - CVE-2020-2933: Fixed a vulnerability which could allows high privileged\n attacker with network access via multiple protocols to compromise MySQL\n Connectors. (bsc#1173600)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-2622=1", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2021-08-05T00:00:00", "type": "suse", "title": "Security update for mysql-connector-java (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2021-08-05T00:00:00", "id": "OPENSUSE-SU-2021:2622-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KHHGZ3MEHVZT3NYQIEG5WTISHLXRLW3D/", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-06-16T15:58:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-06-12T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for mysql-connector-java (DLA-2245-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2875", "CVE-2020-2934", "CVE-2020-2933"], "modified": "2020-06-12T00:00:00", "id": "OPENVAS:1361412562310892245", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892245", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892245\");\n script_version(\"2020-06-12T03:00:10+0000\");\n script_cve_id(\"CVE-2020-2875\", \"CVE-2020-2933\", \"CVE-2020-2934\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-12 03:00:10 +0000 (Fri, 12 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-12 03:00:10 +0000 (Fri, 12 Jun 2020)\");\n script_name(\"Debian LTS: Security Advisory for mysql-connector-java (DLA-2245-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2245-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-connector-java'\n package(s) announced via the DLA-2245-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several issues were discovered in mysql-connector-java, a Java database\n(JDBC) driver for MySQL, that allow attackers to update, insert or\ndelete access to some of MySQL Connectors accessible data, unauthorized\nread access to a subset of the data, and partial denial of service.\");\n\n script_tag(name:\"affected\", value:\"'mysql-connector-java' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n5.1.49-0+deb8u1.\n\nWe recommend that you upgrade your mysql-connector-java packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmysql-java\", ver:\"5.1.49-0+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-16T15:58:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-06-12T00:00:00", "type": "openvas", "title": "Debian: Security Advisory for mysql-connector-java (DSA-4703-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-2875", "CVE-2020-2934", "CVE-2020-2933"], "modified": "2020-06-12T00:00:00", "id": "OPENVAS:1361412562310704703", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704703", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704703\");\n script_version(\"2020-06-12T03:00:11+0000\");\n script_cve_id(\"CVE-2020-2875\", \"CVE-2020-2933\", \"CVE-2020-2934\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-12 03:00:11 +0000 (Fri, 12 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-12 03:00:11 +0000 (Fri, 12 Jun 2020)\");\n script_name(\"Debian: Security Advisory for mysql-connector-java (DSA-4703-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4703.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4703-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mysql-connector-java'\n package(s) announced via the DSA-4703-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Three vulnerabilities have been found in the MySQL Connector/J JDBC\ndriver.\");\n\n script_tag(name:\"affected\", value:\"'mysql-connector-java' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), these problems have been fixed\nin version 5.1.49-0+deb9u1.\n\nWe recommend that you upgrade your mysql-connector-java packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libmysql-java\", ver:\"5.1.49-0+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:18:55", "description": "\nThree vulnerabilities have been found in the MySQL Connector/J JDBC\ndriver.\n\n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 5.1.49-0+deb9u1.\n\n\nWe recommend that you upgrade your mysql-connector-java packages.\n\n\nFor the detailed security status of mysql-connector-java please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/mysql-connector-java](https://security-tracker.debian.org/tracker/mysql-connector-java)\n\n\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 5.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.4}, "published": "2020-06-11T00:00:00", "type": "osv", "title": "mysql-connector-java - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875", "CVE-2020-2934", "CVE-2020-2933"], "modified": "2022-08-10T07:18:51", "id": "OSV:DSA-4703-1", "href": "https://osv.dev/vulnerability/DSA-4703-1", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:17:02", "description": "\nSeveral issues were discovered in mysql-connector-java, a Java database\n(JDBC) driver for MySQL, that allow attackers to update, insert or\ndelete access to some of MySQL Connectors accessible data, unauthorized\nread access to a subset of the data, and partial denial of service.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n5.1.49-0+deb8u1.\n\n\nWe recommend that you upgrade your mysql-connector-java packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 5.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.4}, "published": "2020-06-11T00:00:00", "type": "osv", "title": "mysql-connector-java - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875", "CVE-2020-2934", "CVE-2020-2933"], "modified": "2022-07-21T05:53:12", "id": "OSV:DLA-2245-1", "href": "https://osv.dev/vulnerability/DLA-2245-1", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-12-07T14:56:02", "description": "Package : mysql-connector-java\nVersion : 5.1.49-0+deb8u1\nCVE ID : CVE-2020-2875 CVE-2020-2933 CVE-2020-2934\n\n\nSeveral issues were discovered in mysql-connector-java, a Java database\n(JDBC) driver for MySQL, that allow attackers to update, insert or\ndelete access to some of MySQL Connectors accessible data, unauthorized\nread access to a subset of the data, and partial denial of service.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n5.1.49-0+deb8u1.\n\nWe recommend that you upgrade your mysql-connector-java packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 5.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.4}, "published": "2020-06-11T18:29:24", "type": "debian", "title": "[SECURITY] [DLA 2245-1] mysql-connector-java security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2020-06-11T18:29:24", "id": "DEBIAN:DLA-2245-1:59DF3", "href": "https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-21T15:06:36", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4703-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJune 11, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mysql-connector-java\nCVE ID : CVE-2020-2875 CVE-2020-2933 CVE-2020-2934\n\nThree vulnerabilities have been found in the MySQL Connector/J JDBC\ndriver.\n \nFor the oldstable distribution (stretch), these problems have been fixed\nin version 5.1.49-0+deb9u1.\n\nWe recommend that you upgrade your mysql-connector-java packages.\n\nFor the detailed security status of mysql-connector-java please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/mysql-connector-java\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2020-06-11T17:47:17", "type": "debian", "title": "[SECURITY] [DSA 4703-1] mysql-connector-java security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2020-06-11T17:47:17", "id": "DEBIAN:DSA-4703-1:2A1EC", "href": "https://lists.debian.org/debian-security-announce/2020/msg00107.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nOracle reports:\n\nThis Critical Patch Update contains 45 new security patches for\n\t Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable\n\t without authentication, i.e., may be exploited over a network without\n\t requiring user credentials.\n\n\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-14T00:00:00", "type": "freebsd", "title": "MySQL Client -- Multiple vulerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2752", "CVE-2020-2875", "CVE-2020-2922", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2020-04-14T00:00:00", "id": "622B5C47-855B-11EA-A5E2-D4C9EF517024", "href": "https://vuxml.freebsd.org/freebsd/622b5c47-855b-11ea-a5e2-d4c9ef517024.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2023-03-09T16:02:00", "description": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands in MySQL Connectors and other products.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-06-25T12:54:45", "type": "redhatcve", "title": "CVE-2020-2875", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875"], "modified": "2023-03-09T15:25:11", "id": "RH:CVE-2020-2875", "href": "https://access.redhat.com/security/cve/cve-2020-2875", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-03-09T16:02:01", "description": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2020-06-25T12:54:46", "type": "redhatcve", "title": "CVE-2020-2934", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2934"], "modified": "2023-03-09T15:25:19", "id": "RH:CVE-2020-2934", "href": "https://access.redhat.com/security/cve/cve-2020-2934", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-09T16:02:00", "description": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection, causing a denial of service of the MySQL Connectors.\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 2.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-06-25T13:27:00", "type": "redhatcve", "title": "CVE-2020-2933", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2933"], "modified": "2023-03-09T15:25:13", "id": "RH:CVE-2020-2933", "href": "https://access.redhat.com/security/cve/cve-2020-2933", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-01-27T13:43:50", "description": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component:\nConnector/J). Supported versions that are affected are 8.0.14 and prior and\n5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated\nattacker with network access via multiple protocols to compromise MySQL\nConnectors. Successful attacks require human interaction from a person\nother than the attacker and while the vulnerability is in MySQL Connectors,\nattacks may significantly impact additional products. Successful attacks of\nthis vulnerability can result in unauthorized update, insert or delete\naccess to some of MySQL Connectors accessible data as well as unauthorized\nread access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base\nScore 4.7 (Confidentiality and Integrity impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-04-15T00:00:00", "type": "ubuntucve", "title": "CVE-2020-2875", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875"], "modified": "2020-04-15T00:00:00", "id": "UB:CVE-2020-2875", "href": "https://ubuntu.com/security/CVE-2020-2875", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-27T13:43:45", "description": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component:\nConnector/J). Supported versions that are affected are 8.0.19 and prior and\n5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated\nattacker with network access via multiple protocols to compromise MySQL\nConnectors. Successful attacks require human interaction from a person\nother than the attacker. Successful attacks of this vulnerability can\nresult in unauthorized update, insert or delete access to some of MySQL\nConnectors accessible data as well as unauthorized read access to a subset\nof MySQL Connectors accessible data and unauthorized ability to cause a\npartial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base\nScore 5.0 (Confidentiality, Integrity and Availability impacts). CVSS\nVector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2020-04-15T00:00:00", "type": "ubuntucve", "title": "CVE-2020-2934", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2934"], "modified": "2020-04-15T00:00:00", "id": "UB:CVE-2020-2934", "href": "https://ubuntu.com/security/CVE-2020-2934", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-27T13:43:46", "description": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component:\nConnector/J). Supported versions that are affected are 5.1.48 and prior.\nDifficult to exploit vulnerability allows high privileged attacker with\nnetwork access via multiple protocols to compromise MySQL Connectors.\nSuccessful attacks of this vulnerability can result in unauthorized ability\nto cause a partial denial of service (partial DOS) of MySQL Connectors.\nCVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector:\n(CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 2.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-04-15T00:00:00", "type": "ubuntucve", "title": "CVE-2020-2933", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2933"], "modified": "2020-04-15T00:00:00", "id": "UB:CVE-2020-2933", "href": "https://ubuntu.com/security/CVE-2020-2933", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-02-09T15:18:48", "description": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-04-15T14:15:00", "type": "cve", "title": "CVE-2020-2875", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875"], "modified": "2022-06-30T20:07:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:32", "cpe:/a:oracle:mysql_connector\\/j:5.1.48", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:oracle:mysql_connector\\/j:8.0.14", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2020-2875", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2875", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:mysql_connector\\/j:8.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_connector\\/j:5.1.48:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T15:19:21", "description": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2020-04-15T14:15:00", "type": "cve", "title": "CVE-2020-2934", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2934"], "modified": "2022-03-29T16:40:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:32", "cpe:/a:oracle:mysql_connector\\/j:5.1.48", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:oracle:weblogic_server:12.1.3.0.0", "cpe:/a:oracle:weblogic_server:12.2.1.3.0", "cpe:/a:oracle:weblogic_server:12.2.1.4.0", "cpe:/a:oracle:weblogic_server:14.1.1.0.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:mysql_connector\\/j:8.0.19"], "id": "CVE-2020-2934", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2934", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_connector\\/j:5.1.48:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_connector\\/j:8.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T15:19:21", "description": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 2.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-04-15T14:15:00", "type": "cve", "title": "CVE-2020-2933", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2933"], "modified": "2022-06-30T19:53:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:32", "cpe:/a:oracle:mysql_connector\\/j:5.1.48", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2020-2933", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2933", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_connector\\/j:5.1.48:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2021-12-14T17:50:54", "description": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-04-15T14:15:00", "type": "debiancve", "title": "CVE-2020-2875", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2875"], "modified": "2020-04-15T14:15:00", "id": "DEBIANCVE:CVE-2020-2875", "href": "https://security-tracker.debian.org/tracker/CVE-2020-2875", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-12-14T17:50:54", "description": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 5.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.4}, "published": "2020-04-15T14:15:00", "type": "debiancve", "title": "CVE-2020-2934", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2934"], "modified": "2020-04-15T14:15:00", "id": "DEBIANCVE:CVE-2020-2934", "href": "https://security-tracker.debian.org/tracker/CVE-2020-2934", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:50:54", "description": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 2.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-04-15T14:15:00", "type": "debiancve", "title": "CVE-2020-2933", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2933"], "modified": "2020-04-15T14:15:00", "id": "DEBIANCVE:CVE-2020-2933", "href": "https://security-tracker.debian.org/tracker/CVE-2020-2933", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands (CVE-2020-2934). \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.0, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.4}, "published": "2020-09-21T19:45:58", "type": "mageia", "title": "Updated mysql-connector-java package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2934"], "modified": "2020-09-21T19:45:58", "id": "MGASA-2020-0369", "href": "https://advisories.mageia.org/MGASA-2020-0369.html", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2022-07-26T16:55:47", "description": "mysql-connector-java is vulnerable to denial of service. When working with a load balancing setup, if the connection property `loadBalanceStrategy` was set to `bestResponseTime` and connections to all the hosts in the original setup failed, a denial of service condition will occur in Connector/J, even if newly-added hosts are available.\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 2.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-09-14T04:14:37", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2933"], "modified": "2022-06-30T20:48:40", "id": "VERACODE:26741", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-26741/summary", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:40:11", "description": "Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. \n\nThis release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* batik: SSRF via \"xlink:href\" (CVE-2019-17566)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)\n\n* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-05T18:43:06", "type": "redhat", "title": "(RHSA-2020:4960) Moderate: Red Hat Decision Manager 7.9.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14900", "CVE-2019-17566", "CVE-2020-10683", "CVE-2020-10693", "CVE-2020-10714", "CVE-2020-1748", "CVE-2020-1945", "CVE-2020-1954", "CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2020-11-05T18:43:54", "id": "RHSA-2020:4960", "href": "https://access.redhat.com/errata/RHSA-2020:4960", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:35:47", "description": "Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.\n\nThis release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* batik: SSRF via \"xlink:href\" (CVE-2019-17566)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)\n\n* hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)\n\n* mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)\n\n* mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-05T18:44:42", "type": "redhat", "title": "(RHSA-2020:4961) Moderate: Red Hat Process Automation Manager 7.9.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14900", "CVE-2019-17566", "CVE-2020-10683", "CVE-2020-10693", "CVE-2020-10714", "CVE-2020-1748", "CVE-2020-1945", "CVE-2020-1954", "CVE-2020-2875", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2020-11-05T18:45:25", "id": "RHSA-2020:4961", "href": "https://access.redhat.com/errata/RHSA-2020:4961", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T22:39:33", "description": "This release of Red Hat Fuse 7.10.0 serves as a replacement for Red Hat Fuse 7.9, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* log4j-core (CVE-2020-9488, CVE-2021-44228)\n\n* nodejs-lodash (CVE-2019-10744)\n\n* libthrift (CVE-2020-13949)\n\n* xstream (CVE-2020-26217, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351)\n\n* undertow (CVE-2020-27782, CVE-2021-3597, CVE-2021-3629, CVE-2021-3690)\n\n* xmlbeans (CVE-2021-23926)\n\n* batik (CVE-2020-11987)\n\n* xmlgraphics-commons (CVE-2020-11988)\n\n* tomcat (CVE-2020-13943)\n\n* bouncycastle (CVE-2020-15522, CVE-2020-15522)\n\n* groovy (CVE-2020-17521)\n\n* tomcat (CVE-2020-17527)\n\n* jetty (CVE-2020-27218, CVE-2020-27223, CVE-2021-28163, CVE-2021-28164, CVE-2021-28169, CVE-2021-34428)\n\n* jackson-dataformat-cbor (CVE-2020-28491)\n\n* jboss-remoting (CVE-2020-35510)\n\n* kubernetes-client (CVE-2021-20218)\n\n* netty (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409)\n\n* spring-web (CVE-2021-22118)\n\n* cxf-core (CVE-2021-22696)\n\n* json-smart (CVE-2021-27568)\n\n* jakarta.el (CVE-2021-28170)\n\n* commons-io (CVE-2021-29425)\n\n* sshd-core (CVE-2021-30129)\n\n* cxf-rt-rs-json-basic (CVE-2021-30468)\n\n* netty-codec (CVE-2021-37136, CVE-2021-37137)\n\n* jsoup (CVE-2021-37714)\n\n* poi (CVE-2019-12415)\n\n* mysql-connector-java (CVE-2020-2875, CVE-2020-2934)\n\n* wildfly (CVE-2021-3536)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-12-14T21:27:54", "type": "redhat", "title": "(RHSA-2021:5134) Critical: Red Hat Fuse 7.10.0 release and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10744", "CVE-2019-12415", "CVE-2020-11987", "CVE-2020-11988", "CVE-2020-13943", "CVE-2020-13949", "CVE-2020-15522", "CVE-2020-17521", "CVE-2020-17527", "CVE-2020-26217", "CVE-2020-26259", "CVE-2020-27218", "CVE-2020-27223", "CVE-2020-27782", "CVE-2020-28491", "CVE-2020-2875", "CVE-2020-2934", "CVE-2020-35510", "CVE-2020-9488", "CVE-2021-20218", "CVE-2021-21290", "CVE-2021-21295", "CVE-2021-21341", "CVE-2021-21342", "CVE-2021-21343", "CVE-2021-21344", "CVE-2021-21345", "CVE-2021-21346", "CVE-2021-21347", "CVE-2021-21348", "CVE-2021-21349", "CVE-2021-21350", "CVE-2021-21351", "CVE-2021-21409", "CVE-2021-22118", "CVE-2021-22696", "CVE-2021-23926", "CVE-2021-27568", "CVE-2021-28163", "CVE-2021-28164", "CVE-2021-28169", "CVE-2021-28170", "CVE-2021-29425", "CVE-2021-30129", "CVE-2021-30468", "CVE-2021-34428", "CVE-2021-3536", "CVE-2021-3597", "CVE-2021-3629", "CVE-2021-3690", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-37714", "CVE-2021-44228"], "modified": "2021-12-14T21:28:27", "id": "RHSA-2021:5134", "href": "https://access.redhat.com/errata/RHSA-2021:5134", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-02-27T21:50:13", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2763](<https://vulners.com/cve/CVE-2020-2763>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Replication component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179663](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179663>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2897](<https://vulners.com/cve/CVE-2020-2897>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179795](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179795>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2925](<https://vulners.com/cve/CVE-2020-2925>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: PS component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179820](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179820>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2903](<https://vulners.com/cve/CVE-2020-2903>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Connection Handling component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179801](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179801>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2762](<https://vulners.com/cve/CVE-2020-2762>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2759](<https://vulners.com/cve/CVE-2020-2759>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Replication component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179659](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179659>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2892](<https://vulners.com/cve/CVE-2020-2892>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179790](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179790>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2926](<https://vulners.com/cve/CVE-2020-2926>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Group Replication GCS component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179821](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179821>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2761](<https://vulners.com/cve/CVE-2020-2761>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179661](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179661>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2768](<https://vulners.com/cve/CVE-2020-2768>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Cluster Cluster: General component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179668](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179668>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H) \n \n** CVEID: **[CVE-2020-2806](<https://vulners.com/cve/CVE-2020-2806>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Compiling component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179704](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179704>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2922](<https://vulners.com/cve/CVE-2020-2922>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Client C API component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179817](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179817>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-2814](<https://vulners.com/cve/CVE-2020-2814>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179712](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179712>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2790](<https://vulners.com/cve/CVE-2020-2790>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Pluggable Auth component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2779](<https://vulners.com/cve/CVE-2020-2779>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179679](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179679>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2904](<https://vulners.com/cve/CVE-2020-2904>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179802](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179802>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2780](<https://vulners.com/cve/CVE-2020-2780>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179680](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179680>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2930](<https://vulners.com/cve/CVE-2020-2930>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Parser component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179825](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179825>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2804](<https://vulners.com/cve/CVE-2020-2804>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Memcached component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179702>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2921](<https://vulners.com/cve/CVE-2020-2921>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Group Replication Plugin component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179816](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179816>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2770](<https://vulners.com/cve/CVE-2020-2770>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Logging component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179670](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179670>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2774](<https://vulners.com/cve/CVE-2020-2774>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179674](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179674>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2875](<https://vulners.com/cve/CVE-2020-2875>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Connectors Connector/J component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179773](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179773>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2928](<https://vulners.com/cve/CVE-2020-2928>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179823>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2898](<https://vulners.com/cve/CVE-2020-2898>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Charsets component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179796](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179796>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2896](<https://vulners.com/cve/CVE-2020-2896>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Information Schema component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179794](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179794>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2923](<https://vulners.com/cve/CVE-2020-2923>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179818](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179818>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2901](<https://vulners.com/cve/CVE-2020-2901>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179799](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179799>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2760](<https://vulners.com/cve/CVE-2020-2760>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H) \n \n** CVEID: **[CVE-2020-2853](<https://vulners.com/cve/CVE-2020-2853>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Security: Privileges component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179751](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179751>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2895](<https://vulners.com/cve/CVE-2020-2895>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179793](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179793>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2765](<https://vulners.com/cve/CVE-2020-2765>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179665](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179665>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2893](<https://vulners.com/cve/CVE-2020-2893>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179791](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179791>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2924](<https://vulners.com/cve/CVE-2020-2924>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179819](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179819>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2812](<https://vulners.com/cve/CVE-2020-2812>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Server Server: Stored Procedure component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179710>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2933](<https://vulners.com/cve/CVE-2020-2933>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Connectors Connector/J component could allow an authenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 2.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179828](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179828>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2934](<https://vulners.com/cve/CVE-2020-2934>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL related to the Connectors Connector/J component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179829](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179829>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAPI Connect| V2018.4.1.0-2018.4.1.12 \nAPI Connect| V10.0.0 \n \n## Remediation/Fixes\n\nAffected Product| Addressed in VRMF| APAR| Remediation/First Fix \n---|---|---|--- \n \nIBM API Connect \n\nV2018.4.1.0-2018.4.1.12\n\n| 2018.4.1.13| \n\nLI81610\n\n| \n\nAddressed in IBM API Connect V2018.4.1.13.\n\nDeveloper Portal is impacted. \n\nFollow this link and find the image appropriate for your installation.\n\n[http://www.ibm.com/support/fixcentral/swg/quickorder](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.12&platform=All&function=all&source=fc> \"\" ) \n \nIBM API Connect \n\nV10.0.0\n\n| \n\nIBM API Connect \n\nV10.0.1\n\n| \n\nLI81610\n\n| \n\nAddressed in IBM API Connect V10.0.1 \n \nDeveloper Portal is impacted. \n \nFollow this link and find the image appropriate for your installation. \n[http://www.ibm.com/support/fixcentral/swg/quickorder](<https://www.ibm.com/support/pages/node/6339249> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-06T21:09:57", "type": "ibm", "title": "Security Bulletin: IBM API Connect's Developer Portal is impacted by vulnerabilities in MySQL.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2768", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2790", "CVE-2020-2804", "CVE-2020-2806", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2875", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2020-2933", "CVE-2020-2934"], "modified": "2020-10-06T21:09:57", "id": "A1A0398B401BEF610025984C15ACCDF1EDCBAE78A78A09063FD3B2A4DE512BFD", "href": "https://www.ibm.com/support/pages/node/6324761", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T18:59:02", "description": "### Background\n\nMySQL is a popular multi-threaded, multi-user SQL server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn attacker could possibly execute arbitrary code with the privileges of the process, escalate privileges, gain access to critical data or complete access to all MySQL server accessible data, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MySQL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.7.34\"\n \n\nAll mysql users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-8.0.24\"", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-26T00:00:00", "type": "gentoo", "title": "MySQL: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.7, "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2938", "CVE-2019-2974", "CVE-2020-14539", "CVE-2020-14540", "CVE-2020-14547", "CVE-2020-14550", "CVE-2020-14553", "CVE-2020-14559", "CVE-2020-14564", "CVE-2020-14567", "CVE-2020-14568", "CVE-2020-14575", "CVE-2020-14576", "CVE-2020-14586", "CVE-2020-14591", "CVE-2020-14597", "CVE-2020-14614", "CVE-2020-14619", "CVE-2020-14620", "CVE-2020-14623", "CVE-2020-14624", "CVE-2020-14626", "CVE-2020-14631", "CVE-2020-14632", "CVE-2020-14633", "CVE-2020-14634", "CVE-2020-14641", "CVE-2020-14643", "CVE-2020-14651", "CVE-2020-14654", "CVE-2020-14656", "CVE-2020-14663", "CVE-2020-14672", "CVE-2020-14678", "CVE-2020-14680", "CVE-2020-14697", "CVE-2020-14702", "CVE-2020-14725", "CVE-2020-14760", "CVE-2020-14765", "CVE-2020-14769", "CVE-2020-14771", "CVE-2020-14773", "CVE-2020-14775", "CVE-2020-14776", "CVE-2020-14777", "CVE-2020-14785", "CVE-2020-14786", "CVE-2020-14789", "CVE-2020-14790", "CVE-2020-14791", "CVE-2020-14793", "CVE-2020-14794", "CVE-2020-14799", "CVE-2020-14800", "CVE-2020-14804", "CVE-2020-14809", "CVE-2020-14812", "CVE-2020-14814", "CVE-2020-14821", "CVE-2020-14827", "CVE-2020-14828", "CVE-2020-14829", "CVE-2020-14830", "CVE-2020-14836", "CVE-2020-14837", "CVE-2020-14838", "CVE-2020-14839", "CVE-2020-14844", "CVE-2020-14845", "CVE-2020-14846", "CVE-2020-14848", "CVE-2020-14852", "CVE-2020-14853", "CVE-2020-14860", "CVE-2020-14861", "CVE-2020-14866", "CVE-2020-14867", "CVE-2020-14868", "CVE-2020-14869", "CVE-2020-14870", "CVE-2020-14873", "CVE-2020-14878", "CVE-2020-14888", "CVE-2020-14891", "CVE-2020-14893", "CVE-2020-2570", "CVE-2020-2572", "CVE-2020-2573", "CVE-2020-2574", "CVE-2020-2577", "CVE-2020-2579", "CVE-2020-2580", "CVE-2020-2584", "CVE-2020-2588", "CVE-2020-2589", "CVE-2020-2627", "CVE-2020-2660", "CVE-2020-2679", "CVE-2020-2686", "CVE-2020-2694", "CVE-2020-2752", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2765", "CVE-2020-2768", "CVE-2020-2770", "CVE-2020-2774", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2790", "CVE-2020-2804", "CVE-2020-2806", "CVE-2020-2812", "CVE-2020-2814", "CVE-2020-2853", "CVE-2020-2875", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2901", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2928", "CVE-2020-2930", "CVE-2020-2933", "CVE-2020-2934", "CVE-2021-1998", "CVE-2021-2001", "CVE-2021-2002", "CVE-2021-2006", "CVE-2021-2007", "CVE-2021-2009", "CVE-2021-2010", "CVE-2021-2011", "CVE-2021-2012", "CVE-2021-2014", "CVE-2021-2016", "CVE-2021-2019", "CVE-2021-2020", "CVE-2021-2021", "CVE-2021-2022", "CVE-2021-2024", "CVE-2021-2028", "CVE-2021-2030", "CVE-2021-2031", "CVE-2021-2032", "CVE-2021-2036", "CVE-2021-2038", "CVE-2021-2042", "CVE-2021-2046", "CVE-2021-2048", "CVE-2021-2055", "CVE-2021-2056", "CVE-2021-2058", "CVE-2021-2060", "CVE-2021-2061", "CVE-2021-2065", "CVE-2021-2070", "CVE-2021-2072", "CVE-2021-2076", "CVE-2021-2081", "CVE-2021-2087", "CVE-2021-2088", "CVE-2021-2122", "CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2180"], "modified": "2021-05-26T00:00:00", "id": "GLSA-202105-27", "href": "https://security.gentoo.org/glsa/202105-27", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2022-10-24T19:58:58", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/security-alerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 399 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2652714.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-04-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2020", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0254", "CVE-2015-1832", "CVE-2015-3253", "CVE-2015-7940", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-10244", "CVE-2016-10251", "CVE-2016-10328", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-3092", "CVE-2016-4000", "CVE-2016-4463", "CVE-2016-6306", "CVE-2016-6489", "CVE-2016-7103", "CVE-2016-8610", "CVE-2017-12626", "CVE-2017-13745", "CVE-2017-14232", "CVE-2017-14735", "CVE-2017-15706", "CVE-2017-3160", "CVE-2017-5130", "CVE-2017-5529", "CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5754", "CVE-2017-7857", "CVE-2017-7858", "CVE-2017-7864", "CVE-2017-8105", "CVE-2017-8287", "CVE-2018-0732", "CVE-2018-0734", "CVE-2018-0737", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000632", "CVE-2018-1000873", "CVE-2018-10237", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-1165", "CVE-2018-11775", "CVE-2018-11784", "CVE-2018-11797", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1258", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-1320", "CVE-2018-1336", "CVE-2018-14718", "CVE-2018-14719", "CVE-2018-14720", "CVE-2018-14721", "CVE-2018-15756", "CVE-2018-15769", "CVE-2018-17197", "CVE-2018-18227", "CVE-2018-18311", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19360", "CVE-2018-19361", "CVE-2018-19362", "CVE-2018-19539", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19542", "CVE-2018-19543", "CVE-2018-19622", "CVE-2018-19623", "CVE-2018-19624", "CVE-2018-19625", "CVE-2018-19626", "CVE-2018-19627", "CVE-2018-19628", "CVE-2018-20346", "CVE-2018-20506", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2018-20843", "CVE-2018-20852", "CVE-2018-5407", "CVE-2018-5711", "CVE-2018-5712", "CVE-2018-6942", "CVE-2018-8014", "CVE-2018-8032", "CVE-2018-8034", "CVE-2018-8036", "CVE-2018-8037", "CVE-2018-8039", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252", "CVE-2019-0196", "CVE-2019-0197", "CVE-2019-0199", "CVE-2019-0211", "CVE-2019-0215", "CVE-2019-0217", "CVE-2019-0220", "CVE-2019-0221", "CVE-2019-0222", "CVE-2019-0227", "CVE-2019-0228", "CVE-2019-0232", "CVE-2019-10072", "CVE-2019-10081", "CVE-2019-10082", "CVE-2019-10086", "CVE-2019-10088", "CVE-2019-10092", "CVE-2019-10093", "CVE-2019-10094", "CVE-2019-10097", "CVE-2019-10098", "CVE-2019-1010238", "CVE-2019-10173", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-11358", "CVE-2019-12086", "CVE-2019-12384", "CVE-2019-12387", "CVE-2019-12402", "CVE-2019-12406", "CVE-2019-12415", "CVE-2019-12418", "CVE-2019-12419", "CVE-2019-12855", "CVE-2019-13057", "CVE-2019-13565", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14439", "CVE-2019-14540", "CVE-2019-14821", "CVE-2019-14889", "CVE-2019-15161", "CVE-2019-15162", "CVE-2019-15163", "CVE-2019-15164", "CVE-2019-15165", "CVE-2019-1543", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-15601", "CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-1563", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-16168", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17195", "CVE-2019-17359", "CVE-2019-17531", "CVE-2019-17563", "CVE-2019-17571", "CVE-2019-18197", "CVE-2019-19242", "CVE-2019-19244", "CVE-2019-19269", "CVE-2019-19317", "CVE-2019-19553", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-19923", "CVE-2019-19924", "CVE-2019-19925", "CVE-2019-19926", "CVE-2019-19959", "CVE-2019-20218", "CVE-2019-20330", "CVE-2019-2412", "CVE-2019-2725", "CVE-2019-2729", "CVE-2019-2756", "CVE-2019-2759", "CVE-2019-2852", "CVE-2019-2853", "CVE-2019-2878", "CVE-2019-2880", "CVE-2019-2899", "CVE-2019-2904", "CVE-2019-3008", "CVE-2019-5427", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2019-9517", "CVE-2019-9579", "CVE-2020-2514", "CVE-2020-2522", "CVE-2020-2524", "CVE-2020-2553", "CVE-2020-2558", "CVE-2020-2575", "CVE-2020-2578", "CVE-2020-2594", "CVE-2020-2680", "CVE-2020-2706", "CVE-2020-2733", "CVE-2020-2734", "CVE-2020-2735", "CVE-2020-2737", "CVE-2020-2738", "CVE-2020-2739", "CVE-2020-2740", "CVE-2020-2741", "CVE-2020-2742", "CVE-2020-2743", "CVE-2020-2744", "CVE-2020-2745", "CVE-2020-2746", "CVE-2020-2747", "CVE-2020-2748", "CVE-2020-2749", "CVE-2020-2750", "CVE-2020-2751", "CVE-2020-2752", "CVE-2020-2753", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2758", "CVE-2020-2759", "CVE-2020-2760", "CVE-2020-2761", "CVE-2020-2762", "CVE-2020-2763", "CVE-2020-2764", "CVE-2020-2765", "CVE-2020-2766", "CVE-2020-2767", "CVE-2020-2768", "CVE-2020-2769", "CVE-2020-2770", "CVE-2020-2771", "CVE-2020-2772", "CVE-2020-2773", "CVE-2020-2774", "CVE-2020-2775", "CVE-2020-2776", "CVE-2020-2777", "CVE-2020-2778", "CVE-2020-2779", "CVE-2020-2780", "CVE-2020-2781", "CVE-2020-2782", "CVE-2020-2783", "CVE-2020-2784", "CVE-2020-2785", "CVE-2020-2786", "CVE-2020-2787", "CVE-2020-2789", "CVE-2020-2790", "CVE-2020-2791", "CVE-2020-2793", "CVE-2020-2794", "CVE-2020-2795", "CVE-2020-2796", "CVE-2020-2797", "CVE-2020-2798", "CVE-2020-2799", "CVE-2020-2800", "CVE-2020-2801", "CVE-2020-2802", "CVE-2020-2803", "CVE-2020-2804", "CVE-2020-2805", "CVE-2020-2806", "CVE-2020-2807", "CVE-2020-2808", "CVE-2020-2809", "CVE-2020-2810", "CVE-2020-2811", "CVE-2020-2812", "CVE-2020-2813", "CVE-2020-2814", "CVE-2020-2815", "CVE-2020-2816", "CVE-2020-2817", "CVE-2020-2818", "CVE-2020-2819", "CVE-2020-2820", "CVE-2020-2821", "CVE-2020-2822", "CVE-2020-2823", "CVE-2020-2824", "CVE-2020-2825", "CVE-2020-2826", "CVE-2020-2827", "CVE-2020-2828", "CVE-2020-2829", "CVE-2020-2830", "CVE-2020-2831", "CVE-2020-2832", "CVE-2020-2833", "CVE-2020-2834", "CVE-2020-2835", "CVE-2020-2836", "CVE-2020-2837", "CVE-2020-2838", "CVE-2020-2839", "CVE-2020-2840", "CVE-2020-2841", "CVE-2020-2842", "CVE-2020-2843", "CVE-2020-2844", "CVE-2020-2845", "CVE-2020-2846", "CVE-2020-2847", "CVE-2020-2848", "CVE-2020-2849", "CVE-2020-2850", "CVE-2020-2851", "CVE-2020-2852", "CVE-2020-2853", "CVE-2020-2854", "CVE-2020-2855", "CVE-2020-2856", "CVE-2020-2857", "CVE-2020-2858", "CVE-2020-2859", "CVE-2020-2860", "CVE-2020-2861", "CVE-2020-2862", "CVE-2020-2863", "CVE-2020-2864", "CVE-2020-2865", "CVE-2020-2866", "CVE-2020-2867", "CVE-2020-2868", "CVE-2020-2869", "CVE-2020-2870", "CVE-2020-2871", "CVE-2020-2872", "CVE-2020-2873", "CVE-2020-2874", "CVE-2020-2875", "CVE-2020-2876", "CVE-2020-2877", "CVE-2020-2878", "CVE-2020-2879", "CVE-2020-2880", "CVE-2020-2881", "CVE-2020-2882", "CVE-2020-2883", "CVE-2020-2884", "CVE-2020-2885", "CVE-2020-2886", "CVE-2020-2887", "CVE-2020-2888", "CVE-2020-2889", "CVE-2020-2890", "CVE-2020-2891", "CVE-2020-2892", "CVE-2020-2893", "CVE-2020-2894", "CVE-2020-2895", "CVE-2020-2896", "CVE-2020-2897", "CVE-2020-2898", "CVE-2020-2899", "CVE-2020-2900", "CVE-2020-2901", "CVE-2020-2902", "CVE-2020-2903", "CVE-2020-2904", "CVE-2020-2905", "CVE-2020-2906", "CVE-2020-2907", "CVE-2020-2908", "CVE-2020-2909", "CVE-2020-2910", "CVE-2020-2911", "CVE-2020-2912", "CVE-2020-2913", "CVE-2020-2914", "CVE-2020-2915", "CVE-2020-2920", "CVE-2020-2921", "CVE-2020-2922", "CVE-2020-2923", "CVE-2020-2924", "CVE-2020-2925", "CVE-2020-2926", "CVE-2020-2927", "CVE-2020-2928", "CVE-2020-2929", "CVE-2020-2930", "CVE-2020-2931", "CVE-2020-2932", "CVE-2020-2933", "CVE-2020-2934", "CVE-2020-2935", "CVE-2020-2936", "CVE-2020-2937", "CVE-2020-2938", "CVE-2020-2939", "CVE-2020-2940", "CVE-2020-2941", "CVE-2020-2942", "CVE-2020-2943", "CVE-2020-2944", "CVE-2020-2945", "CVE-2020-2946", "CVE-2020-2947", "CVE-2020-2949", "CVE-2020-2950", "CVE-2020-2951", "CVE-2020-2952", "CVE-2020-2953", "CVE-2020-2954", "CVE-2020-2955", "CVE-2020-2956", "CVE-2020-2958", "CVE-2020-2959", "CVE-2020-2961", "CVE-2020-2963", "CVE-2020-2964", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-7044", "CVE-2020-8840"], "modified": "2020-07-20T00:00:00", "id": "ORACLE:CPUAPR2020", "href": "https://www.oracle.com/security-alerts/cpuapr2020.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-14T23:28:54", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 497 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ January 2022 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2832416.1>).\n\n**Please note that on December 10, 2021, Oracle released a Security Alert for Apache Log4j vulnerabilities [CVE-2021-44228 and CVE-2021-45046](<https://www.oracle.com/security-alerts/alert-cve-2021-44228.html>). Customers should review the Alert if they have not already done so.**\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-18T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - January 2022", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-29582", "CVE-2022-21353", "CVE-2022-23302", "CVE-2022-21259", "CVE-2022-21267", "CVE-2021-36090", "CVE-2020-12723", "CVE-2022-21328", "CVE-2021-42575", "CVE-2021-41164", "CVE-2021-30369", "CVE-2022-21275", "CVE-2021-39145", "CVE-2022-21356", "CVE-2022-21243", "CVE-2021-25122", "CVE-2022-21253", "CVE-2021-3448", "CVE-2016-7103", "CVE-2021-39148", "CVE-2022-21399", "CVE-2020-11023", "CVE-2021-28163", "CVE-2020-7712", "CVE-2020-9484", "CVE-2022-21258", "CVE-2022-21251", "CVE-2020-14340", "CVE-2019-11358", "CVE-2022-21244", "CVE-2022-21296", "CVE-2020-36184", "CVE-2022-21282", "CVE-2021-22897", "CVE-2022-21395", "CVE-2022-21367", "CVE-2021-36160", "CVE-2021-32013", "CVE-2022-21354", "CVE-2021-2371", "CVE-2021-3177", "CVE-2021-44832", "CVE-2022-21358", "CVE-2021-26691", "CVE-2020-13935", "CVE-2022-23305", "CVE-2021-32012", "CVE-2020-11022", "CVE-2022-21278", "CVE-2022-21273", "CVE-2022-21389", "CVE-2022-21346", "CVE-2020-10683", "CVE-2021-44228", "CVE-2022-21345", "CVE-2020-14756", "CVE-2022-21374", "CVE-2022-21316", "CVE-2021-3517", "CVE-2020-8554", "CVE-2022-21364", "CVE-2021-22931", "CVE-2021-3712", "CVE-2020-35728", "CVE-2021-39146", "CVE-2020-17527", "CVE-2022-21247", "CVE-2021-30639", "CVE-2021-23440", "CVE-2022-21256", "CVE-2022-21397", "CVE-2022-21362", "CVE-2022-21265", "CVE-2021-32014", "CVE-2021-35516", "CVE-2021-45105", "CVE-2021-22939", "CVE-2020-36182", "CVE-2022-21276", "CVE-2021-32827", "CVE-2021-2428", "CVE-2019-17566", "CVE-2021-21705", "CVE-2021-22947", "CVE-2022-21355", "CVE-2021-22959", "CVE-2020-8284", "CVE-2022-21280", "CVE-2021-29425", "CVE-2022-21252", "CVE-2019-10219", "CVE-2019-10086", "CVE-2022-21295", "CVE-2022-21359", "CVE-2022-21257", "CVE-2021-39147", "CVE-2022-21339", "CVE-2021-39140", "CVE-2020-15824", "CVE-2021-39154", "CVE-2022-21400", "CVE-2022-21303", "CVE-2022-21314", "CVE-2022-21308", "CVE-2020-36181", "CVE-2022-21373", "CVE-2021-22925", "CVE-2022-21309", "CVE-2022-21294", "CVE-2022-21313", "CVE-2022-21333", "CVE-2022-21299", "CVE-2021-33560", "CVE-2022-21285", "CVE-2022-21297", "CVE-2022-21325", "CVE-2022-21283", "CVE-2020-5421", "CVE-2022-21255", "CVE-2022-21322", "CVE-2020-28052", "CVE-2022-21394", "CVE-2021-34798", "CVE-2022-21326", "CVE-2021-43395", "CVE-2022-21301", "CVE-2021-23336", "CVE-2022-21289", "CVE-2020-17530", "CVE-2021-32723", "CVE-2021-35517", "CVE-2022-21306", "CVE-2020-36186", "CVE-2020-10543", "CVE-2020-13949", "CVE-2022-21386", "CVE-2022-21242", "CVE-2018-1324", "CVE-2022-21388", "CVE-2022-21334", "CVE-2021-33909", "CVE-2022-21398", "CVE-2022-21270", "CVE-2020-14642", "CVE-2021-3326", "CVE-2022-21366", "CVE-2022-21342", "CVE-2021-32809", "CVE-2021-23840", "CVE-2022-21248", "CVE-2019-13734", "CVE-2022-21341", "CVE-2021-39153", "CVE-2022-21372", "CVE-2020-5258", "CVE-2022-21365", "CVE-2019-17495", "CVE-2022-21305", "CVE-2021-39152", "CVE-2022-21382", "CVE-2022-21352", "CVE-2020-28469", "CVE-2020-9281", "CVE-2022-21246", "CVE-2021-38153", "CVE-2020-11979", "CVE-2022-21370", "CVE-2021-39150", "CVE-2021-34429", "CVE-2021-29923", "CVE-2022-21291", "CVE-2021-41773", "CVE-2020-17521", "CVE-2022-21338", "CVE-2021-27568", "CVE-2022-21272", "CVE-2022-21378", "CVE-2021-37137", "CVE-2022-21391", "CVE-2021-2277", "CVE-2022-21375", "CVE-2022-21300", "CVE-2021-36373", "CVE-2021-35043", "CVE-2022-21381", "CVE-2021-21409", "CVE-2022-21245", "CVE-2021-3541", "CVE-2022-21260", "CVE-2022-21323", "CVE-2022-21369", "CVE-2021-41524", "CVE-2022-21387", "CVE-2022-21402", "CVE-2021-36690", "CVE-2020-8285", "CVE-2020-1945", "CVE-2022-21350", "CVE-2022-21290", "CVE-2022-21304", "CVE-2021-36221", "CVE-2022-21330", "CVE-2021-32808", "CVE-2021-35683", "CVE-2021-3426", "CVE-2020-36185", "CVE-2020-25649", "CVE-2022-21320", "CVE-2022-21288", "CVE-2020-2934", "CVE-2021-31812", "CVE-2022-21371", "CVE-2022-21349", "CVE-2021-22118", "CVE-2022-21266", "CVE-2020-11987", "CVE-2021-22898", "CVE-2022-21307", "CVE-2022-21271", "CVE-2022-21310", "CVE-2022-21279", "CVE-2022-21377", "CVE-2021-31684", "CVE-2022-21340", "CVE-2021-35687", "CVE-2020-35490", "CVE-2022-21277", "CVE-2022-21401", "CVE-2021-28164", "CVE-2021-3711", "CVE-2020-36188", "CVE-2020-36180", "CVE-2021-39139", "CVE-2022-21286", "CVE-2021-3634", "CVE-2021-33193", "CVE-2021-42013", "CVE-2021-44224", "CVE-2020-13936", "CVE-2022-21368", "CVE-2022-21287", "CVE-2022-21293", "CVE-2022-21392", "CVE-2022-21312", "CVE-2021-40438", "CVE-2021-22940", "CVE-2021-29921", "CVE-2020-8203", "CVE-2022-21274", "CVE-2022-21363", "CVE-2022-21376", "CVE-2022-21292", "CVE-2020-24616", "CVE-2022-21250", "CVE-2020-13817", "CVE-2022-21344", "CVE-2020-36187", "CVE-2022-21264", "CVE-2021-22946", "CVE-2022-21249", "CVE-2021-30640", "CVE-2022-21284", "CVE-2022-21317", "CVE-2021-28169", "CVE-2020-24750", "CVE-2022-21269", "CVE-2021-37136", "CVE-2022-21336", "CVE-2022-21348", "CVE-2022-21396", "CVE-2021-44790", "CVE-2022-21379", "CVE-2022-21324", "CVE-2020-35491", "CVE-2022-21361", "CVE-2021-22924", "CVE-2021-35587", "CVE-2022-21262", "CVE-2020-13934", "CVE-2022-21254", "CVE-2021-21783", "CVE-2021-35515", "CVE-2022-21281", "CVE-2018-11771", "CVE-2021-28165", "CVE-2019-17091", "CVE-2022-21329", "CVE-2022-21321", "CVE-2021-33037", "CVE-2021-22926", "CVE-2022-21332", "CVE-2021-35684", "CVE-2021-35686", "CVE-2022-21327", "CVE-2021-36374", "CVE-2021-35685", "CVE-2022-21383", "CVE-2021-33880", "CVE-2021-39149", "CVE-2022-21403", "CVE-2020-27618", "CVE-2022-21298", "CVE-2022-21318", "CVE-2022-21302", "CVE-2021-37695", "CVE-2020-36183", "CVE-2022-21380", "CVE-2021-39144", "CVE-2022-21360", "CVE-2021-39151", "CVE-2022-21319", "CVE-2021-39275", "CVE-2021-3516", "CVE-2021-34558", "CVE-2022-21337", "CVE-2021-2351", "CVE-2022-21357", "CVE-2020-6950", "CVE-2020-28500", "CVE-2022-21331", "CVE-2021-31811", "CVE-2021-23017", "CVE-2020-36189", "CVE-2022-21315", "CVE-2020-36179", "CVE-2022-21351", "CVE-2020-13956", "CVE-2022-21268", "CVE-2021-25329", "CVE-2022-23307", "CVE-2022-21390", "CVE-2021-42340", "CVE-2021-4104", "CVE-2021-22960", "CVE-2022-21347", "CVE-2021-34428", "CVE-2020-10878", "CVE-2020-8908", "CVE-2021-21703", "CVE-2022-21393", "CVE-2021-22119", "CVE-2021-41165", "CVE-2021-45046", "CVE-2022-21311", "CVE-2022-21263", "CVE-2021-37714", "CVE-2021-39141", "CVE-2018-1311", "CVE-2021-23337", "CVE-2021-22901", "CVE-2022-21261", "CVE-2021-2344", "CVE-2020-8177", "CVE-2022-21335", "CVE-2021-20718", "CVE-2021-29505"], "modified": "2022-03-14T00:00:00", "id": "ORACLE:CPUJAN2022", "href": "https://www.oracle.com/security-alerts/cpujan2022.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
Security update for mysql-connector-java (moderate)
