CVE-2020-2934

Name of the Vulnerable Software and Affected Versions MySQL Connectors versions 8.0.19 and prior MySQL Connectors versions 5.1.48 and prior

Description The issue is related to insufficient access control in the Connector/J component of the MySQL Connectors system. It may allow a remote attacker to cause a denial of service or gain unauthorized access to protected information. The vulnerability can be exploited by an unauthenticated attacker with network access via multiple protocols, but it requires human interaction from a person other than the attacker. Successful attacks can result in unauthorized access to some of the MySQL Connectors' accessible data, including update, insert, or delete access, as well as unauthorized read access to a subset of the data. Additionally, it can lead to a partial denial of service of MySQL Connectors.

Recommendations For versions 8.0.19 and prior, update to a version later than 8.0.19 to resolve the issue. For versions 5.1.48 and prior, update to a version later than 5.1.48 to resolve the issue. As a temporary workaround, consider restricting access to the Connector/J component until a patch is available.