CVE-2023-22102
First published: Tue Oct 17 2023(Updated: )
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Credit: secalert_us@oracle.com secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle MySQL | <=8.1.0 | |
| Oracle Mysql Connector\/j | <=8.1.0 | |
| NetApp OnCommand Insight | ||
| maven/com.mysql:mysql-connector-java | <8.2.0 | 8.2.0 |
| maven/com.mysql:mysql-connector-j | <8.2.0 | 8.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.oracle.com/security-alerts/cpuoct2023.html
- https://security.netapp.com/advisory/ntap-20231027-0007/
- https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixMSQL
- https://nvd.nist.gov/vuln/detail/CVE-2023-22102
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2256475
- https://access.redhat.com/errata/RHSA-2024:0722
- https://bugzilla.redhat.com/show_bug.cgi?id=2256474
- https://security.netapp.com/advisory/ntap-20231027-0007
- https://github.com/mysql/mysql-connector-j/compare/8.1.0...8.2.0
- https://github.com/advisories/GHSA-m6vm-37g8-gqvh (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this MySQL Connectors vulnerability?
The vulnerability ID for this MySQL Connectors vulnerability is CVE-2023-22102.
What is the affected software for this MySQL Connectors vulnerability?
The affected software for this MySQL Connectors vulnerability is Oracle MySQL version up to and including 8.1.0.
What is the severity rating of the MySQL Connectors vulnerability?
The severity rating of the MySQL Connectors vulnerability is high, with a severity value of 8.3.
How can an attacker exploit this MySQL Connectors vulnerability?
An unauthenticated attacker with network access via multiple protocols could compromise MySQL Connectors by exploiting this vulnerability.
How do I fix the MySQL Connectors vulnerability?
To fix the MySQL Connectors vulnerability, it is recommended to update to a version higher than 8.1.0 as provided by Oracle.
- collector/nvd-index
- collector/nvd-api
- agent/type
- agent/first-publish-date
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/remedy
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-22102
- collector/mitre-cve
- source/MITRE
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-m6vm-37g8-gqvh
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/github-advisory
- vendor/oracle
- canonical/oracle mysql
- version/oracle mysql/8.1.0
- canonical/oracle mysql connector\/j
- version/oracle mysql connector\/j/8.1.0
- vendor/netapp
- canonical/netapp oncommand insight
- package-manager/maven