Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yeHhoLWY4cjMtaHZ2cs4AASRm
Improper Access Control in MySQL Connectors Java
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
Permalink: https://github.com/advisories/GHSA-2xxh-f8r3-hvvrJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yeHhoLWY4cjMtaHZ2cs4AASRm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 8.5
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Identifiers: GHSA-2xxh-f8r3-hvvr, CVE-2017-3523
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-3523
- http://www.debian.org/security/2017/dsa-3840
- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
- http://www.securityfocus.com/bid/97982
- https://github.com/advisories/GHSA-2xxh-f8r3-hvvr
Affected Packages
maven:mysql:mysql-connector-java
Dependent packages: 6,378Dependent repositories: 562,953
Downloads:
Affected Version Ranges: <= 5.1.40
Fixed in: 5.1.41
All affected versions: 2.0.14, 3.0.8, 3.0.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.7, 5.0.8, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.1.19, 5.1.20, 5.1.21, 5.1.22, 5.1.23, 5.1.24, 5.1.25, 5.1.26, 5.1.27, 5.1.28, 5.1.29, 5.1.30, 5.1.31, 5.1.32, 5.1.33, 5.1.34, 5.1.35, 5.1.36, 5.1.37, 5.1.38, 5.1.39, 5.1.40
All unaffected versions: 5.1.41, 5.1.42, 5.1.43, 5.1.44, 5.1.45, 5.1.46, 5.1.47, 5.1.48, 5.1.49, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 8.0.11, 8.0.12, 8.0.13, 8.0.14, 8.0.15, 8.0.16, 8.0.17, 8.0.18, 8.0.19, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.25, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.31, 8.0.32, 8.0.33