MySQL Connector/J Vulnerability in Oracle MySQL
CVE-2021-2471

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Mysql Connectors
Vendor: CVE Published:; 20 October 2021

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The vulnerability in Oracle's MySQL Connector/J can be exploited by high-privileged attackers with network access. This issue primarily affects versions 8.0.26 and prior. A successful exploit could lead to unauthorized access to sensitive data within the MySQL Connectors, enabling attackers to view or manipulate critical information. Additionally, the exploitation may result in a denial of service (DoS), leading to service interruptions and crashes. Users and administrators are advised to patch and upgrade to safeguard their databases against potential threats.

Affected Version(s)

MySQL Connectors 8.0.26 and prior

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

jdbc-sqlxml-xxe
Created by SecCoder-Security-Lab

CVE-2021-2471
Created by DrunkenShells

CVE-2021-2471
Created by cckuailong

References

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Oct 22, 2021
👾
Exploit known to exist
Oct 22, 2021
Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Dec 9, 2020