CVE-2009-4833

MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
oraclemysql_connector\/net
𝑥
≤ 6.0.3
oraclemysql_connector\/net
6.0.0
oraclemysql_connector\/net
6.0.1
oraclemysql_connector\/net
6.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://bugs.mysql.com/bug.php?id=38700
http://secunia.com/advisories/35604
http://www.securityfocus.com/bid/35514
http://www.securitytracker.com/id?1022482
https://exchange.xforce.ibmcloud.com/vulnerabilities/51406
http://bugs.mysql.com/bug.php?id=38700
http://secunia.com/advisories/35604
http://www.securityfocus.com/bid/35514
http://www.securitytracker.com/id?1022482
https://exchange.xforce.ibmcloud.com/vulnerabilities/51406