Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:43925
HistoryOct 20, 2023 - 9:40 a.m.

Remote Code Execution (RCE)

2023-10-2009:40:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
278
rce
mysql-connector-java
connectionurl.java
arbitrary code execution
software

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

EPSS

0.001

Percentile

38.6%

mysql-connector-java is vulnerable to Remote Code Execution. The vulnerability is due to not sanitizing the propertiesTransformClassName when instantiated or not in setupPropertiesTransformer in the ConnectionUrl.java file. This potentially leads to Arbitrary Code Execution .

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

EPSS

0.001

Percentile

38.6%