Vulnerability Details : CVE-2023-21971

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).

Vulnerability category: Denial of service

Published 2023-04-18 20:15:17

Updated 2023-07-21 19:21:47

Source Oracle

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2023-21971

Probability of exploitation activity in the next 30 days: 0.08%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 34 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2023-21971

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.3	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H	0.5	4.7	[email protected]
Attack Vector: Network Attack Complexity: High Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: High

References for CVE-2023-21971

https://www.oracle.com/security-alerts/cpuapr2023.html

Patch;Vendor Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20230427-0007/

Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpujul2023.html

Patch;Vendor Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20230427-0010/

Third Party Advisory

Products affected by CVE-2023-21971

Oracle » Mysql Connectors
Versions from including (>=) 8.0.0 and up to, including, (<=) 8.0.32
cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Cloud Native Core Policy » Version: 22.4.0
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Cloud Native Core Policy » Version: 23.1.0
cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Cloud Native Core Binding Support Function » Version: 22.4.0
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Cloud Native Core Binding Support Function » Version: 23.1.0
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Insight » Version: N/A
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Matching versions
Netapp » Snapcenter » Version: N/A
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
Matching versions
Netapp » Active Iq Unified Manager » Version: N/A For Vmware Vsphere
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Active Iq Unified Manager » Version: N/A For Windows
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
Matching versions
Netapp » Active Iq Unified Manager » Version: N/A For Linux
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
Matching versions