#VU59737 Improper input validation in MySQL Connectors


Published: 2022-01-19

Vulnerability identifier: #VU59737

Vulnerability risk: Medium

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21363

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MySQL Connectors
Hardware solutions / Drivers

Vendor: Oracle

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Connector/J component in MySQL Connectors. A remote privileged user can exploit this vulnerability to execute arbitrary code.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MySQL Connectors: 8.0.7 - 8.0.27

External links
http://www.oracle.com/security-alerts/cpujan2022.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler update for mysql-connector-java
Multiple vulnerabilities in IBM InfoSphere Information Server
Multiple vulnerabilities in IBM Business Automation Manager Open Editions
Multiple vulnerabilities in Red Hat Process Automation Manager
Multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform
openEuler update for mysql
Multiple vulnerabilities in MySQL Connectors