CVE-2020-2933 - Vulnerability Details

CVE-2020-2933 - mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00128.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Oracle	Mysql Connector\/j
Redhat	Jboss Enterprise Bpms Platform Jboss Enterprise Brms Platform

Configuration 1 [-]

cpe:2.3:a:oracle:mysql_connector\/j:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:32:::::::*
	cpe:2.3:o:fedoraproject:fedora:33:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Package	CPE	Advisory	Released Date
RHDM 7.9.0
mysql-connector-java	cpe:/a:redhat:jboss_enterprise_brms_platform:7.9	RHSA-2020:4960	2020-11-05T00:00:00Z
RHPAM 7.9.0
mysql-connector-java	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.9	RHSA-2020:4961	2020-11-05T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-2245-1	mysql-connector-java security update
Debian DSA	DSA-4703-1	mysql-connector-java security update
EUVD	EUVD-2020-22726	Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/
https://nvd.nist.gov/vuln/detail/CVE-2020-2933
https://security.gentoo.org/glsa/202105-27
https://www.cve.org/CVERecord?id=CVE-2020-2933
https://www.debian.org/security/2020/dsa-4703
https://www.oracle.com/security-alerts/cpuapr2020.html

History

Fri, 27 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2020-04-15T13:29:53

Updated: 2024-09-27T18:48:58.711Z

Reserved: 2019-12-10T00:00:00

Link: CVE-2020-2933

Vulnrichment

Updated: 2024-08-04T07:24:00.692Z

NVD

Status : Modified

Published: 2020-04-15T14:15:36.357

Modified: 2024-11-21T05:26:40.043

Link: CVE-2020-2933

Redhat

Severity : Low

Publid Date: 2020-04-15T00:00:00Z

Links: CVE-2020-2933 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object