PT-2021-6680 · Mysql Server · Mysql Connectors

Published

2021-11-15

Updated

2024-01-26

CVE-2022-21363

CVSS v2.0

7.1

High

Vector

AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MySQL Connectors versions 8.0.27 and prior

Description The issue is related to insufficient input validation in the Connector/J component of the MySQL Connectors system, which can be exploited by a remote attacker to execute arbitrary code. This can lead to a takeover of MySQL Connectors. The exploitation is considered difficult and requires a high-privileged attacker with network access via multiple protocols.

Recommendations For versions 8.0.27 and prior, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-280

Related Identifiers

AZL-7739

BDU:2022-02025

CVE-2022-21363

GHSA-G76J-4CXX-23H9

OESA-2022-1519

OESA-2024-1103

RHSA-2022:4918

RHSA-2022:4919

Affected Products

Mysql Connectors

PT-2021-6680 · Mysql Server · Mysql Connectors

CVE-2022-21363

Weakness Enumeration

Related Identifiers

Affected Products

References · 88