Vulnerability in MySQL Connectors of Oracle MySQL Affects Multiple Versions
CVE-2020-2875

4.7MEDIUM

Key Information:

Vendor
Oracle
Status
Mysql Connectors
Vendor
CVE Published:
15 April 2020

Summary

A vulnerability in the MySQL Connectors product of Oracle MySQL allows unauthenticated attackers with network access through multiple protocols to exploit affected versions. This vulnerability, found in Connector/J 8.0.14 and prior, as well as 5.1.48 and prior, necessitates human interaction from an individual other than the attacker. Successful exploitation can lead to unauthorized updates, inserts, or deletions of accessible data, as well as unauthorized read access to sensitive information. Attack attempts can considerably affect additional products reliant on MySQL Connectors, posing a notable risk to data integrity and confidentiality.

Affected Version(s)

MySQL Connectors 8.0.14 and prior

MySQL Connectors 5.1.48 and prior

References

https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/06/msg0...
mailing-listx_refsource_MLIST
https://www.debian.org/security/2020/dsa-4703
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.