Unauthenticated Vulnerability in MySQL Connectors by Oracle
CVE-2019-2435

8.1HIGH

Key Information:

Vendor

Oracle
Status
Mysql Connectors
Vendor
CVE Published:
16 January 2019

What is CVE-2019-2435?

An unauthenticated vulnerability exists within the MySQL Connectors component of Oracle MySQL, specifically in the Connector/Python subcomponent. This flaw affects versions 8.0.13 and prior as well as 2.1.8 and prior. Exploitation of this vulnerability permits an attacker with network access via TLS to potentially compromise the MySQL Connectors, requiring human interaction from an individual who is not the attacker. Successful exploitation may lead to unauthorized creation, deletion, or modification of critical data, breaching confidentiality and integrity across all accessible MySQL Connectors data.

Affected Version(s)

MySQL Connectors 8.0.13 and prior

MySQL Connectors 2.1.8 and prior

References

http://www.securityfocus.com/bid/106616
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190118-0002/
x_refsource_CONFIRM

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.