PT-2023-6380 · MySQL Server+1 · MySQL Connectors+1
Paul Gerste · Published 2023-10-17 · Updated 2026-05-29
CVE-2023-22102
CVSS v4.0: 8.9 (High)
Vector: AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions
MySQL Connectors versions 8.1.0 and prior
Description
The issue is related to insufficient input validation in the Connector/J component of MySQL Connectors, allowing an unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The vulnerability can result in the takeover of MySQL Connectors.
Recommendations
For versions 8.1.0 and prior, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Connector/J component to minimize the risk of exploitation. Avoid using the Connector/J component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Improper Access Control
RCE
Related Identifiers
Affected Products
MySQL Connectors
Red Os