OpenCVE

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Oracle	Mysql Connector\/j Weblogic Server
Redhat	Jboss Enterprise Bpms Platform Jboss Enterprise Brms Platform Jboss Fuse

Configuration 1 [-]

OR	cpe:2.3:a:oracle:mysql_connector\/j::::::::
	cpe:2.3:a:oracle:mysql_connector\/j::::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:32:::::::*
	cpe:2.3:o:fedoraproject:fedora:33:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Fuse 7.10
mysql-connector-java	cpe:/a:redhat:jboss_fuse:7	RHSA-2021:5134	2021-12-14T00:00:00Z
RHDM 7.9.0
mysql-connector-java	cpe:/a:redhat:jboss_enterprise_brms_platform:7.9	RHSA-2020:4960	2020-11-05T00:00:00Z
RHPAM 7.9.0
mysql-connector-java	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.9	RHSA-2020:4961	2020-11-05T00:00:00Z

References

Link	Providers
https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/
https://nvd.nist.gov/vuln/detail/CVE-2020-2934
https://security.gentoo.org/glsa/202105-27
https://www.cve.org/CVERecord?id=CVE-2020-2934
https://www.debian.org/security/2020/dsa-4703
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2022.html

History

Fri, 27 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2020-04-15T13:29:53

Updated: 2024-09-27T18:48:50.734Z

Reserved: 2019-12-10T00:00:00

Link: CVE-2020-2934

Vulnrichment

Updated: 2024-08-04T07:24:00.276Z

NVD

Status : Modified

Published: 2020-04-15T14:15:36.453

Modified: 2024-11-21T05:26:40.220

Link: CVE-2020-2934

Redhat

Severity : Low

Publid Date: 2020-04-15T00:00:00Z

Links: CVE-2020-2934 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object