CVE-2019-2692

EUVD-2020-0561
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
oraclemysql_connector\/j
𝑥
≤ 8.0.15
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mysql-connector-java
bionic
not-affected
cosmic
ignored
disco
dne
trusty
not-affected
xenial
not-affected
References
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://www.securityfocus.com/bid/107925
https://security.netapp.com/advisory/ntap-20190423-0002/
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://www.securityfocus.com/bid/107925
https://security.netapp.com/advisory/ntap-20190423-0002/