Vulnerabilities > CVE-2020-2875

047910
CVSS 4.7 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
high complexity
oracle
fedoraproject
debian
nessus

Summary

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).

Vulnerable Configurations

Part Description Count
Application
Oracle
58
OS
Fedoraproject
2
OS
Debian
2

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_622B5C47855B11EAA5E2D4C9EF517024.NASL
    descriptionOracle reports : This Critical Patch Update contains 45 new security patches for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
    last seen2020-05-08
    modified2020-04-24
    plugin id135942
    published2020-04-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135942
    titleFreeBSD : MySQL Client -- Multiple vulerabilities (622b5c47-855b-11ea-a5e2-d4c9ef517024)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4703.NASL
    descriptionThree vulnerabilities have been found in the MySQL Connector/J JDBC driver.
    last seen2020-06-13
    modified2020-06-12
    plugin id137376
    published2020-06-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137376
    titleDebian DSA-4703-1 : mysql-connector-java - security update
  • NASL familyMisc.
    NASL idORACLE_MYSQL_CONNECTORS_CPU_APR_2020.NASL
    descriptionThe version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by the following vulnerabilities as referenced in the April 2020 CPU advisory: - A vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. This is a difficult to exploit vulnerability that allows an unauthenticated attacker, remote attacker via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks involving this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. (CVE-2020-2875) - A vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. This is a difficult to exploit vulnerability that allows a high privileged, remote attacker via multiple protocols to compromise MySQL Connectors. Successful attacks involving this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. (CVE-2020-2933) - A vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. This is a difficult to exploit vulnerability allows an unauthenticated, remote attacker via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks involving this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. (CVE-2020-2934) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-08
    modified2020-04-15
    plugin id135588
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135588
    titleOracle MySQL Connectors (Apr 2020 CPU)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2245.NASL
    descriptionSeveral issues were discovered in mysql-connector-java, a Java database (JDBC) driver for MySQL, that allow attackers to update, insert or delete access to some of MySQL Connectors accessible data, unauthorized read access to a subset of the data, and partial denial of service. For Debian 8
    last seen2020-06-13
    modified2020-06-12
    plugin id137372
    published2020-06-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137372
    titleDebian DLA-2245-1 : mysql-connector-java security update