CVE-2023-21971

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: Mysql Connectors
Vendor: CVE Published:; 18 April 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).

Affected Version(s)

MySQL Connectors 8.0.32 and prior

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-21971_Analysis
Created by Avento

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

https://www.oracle.com/security-alerts/cpujul2023.html

vendor-advisory

https://security.netapp.com/advisory/ntap-20230427-0007/

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jun 8, 2023
👾
Exploit known to exist
Jun 8, 2023
Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)