#VU82144 Improper input validation in MySQL Connectors - CVE-2023-22102

Cybersecurity Help s.r.o.

Published: 2023-10-17

Vulnerability identifier: #VU82144

Vulnerability risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-22102

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MySQL Connectors
Hardware solutions / Drivers

Vendor: Oracle

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Connector/J component in MySQL Connectors. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MySQL Connectors: 8.0.7 - 8.1.0

External links
https://www.oracle.com/security-alerts/cpuoct2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Cloud Pak for AIOps

Multiple vulnerabilities in IBM Business Automation Manager Open Editions

IBM watsonx.data update for Oracle MySQL Connectors

Improper input validation in IBM InfoSphere Information Server

Improper input validation in IBM Event Processing

Multiple vulnerabilities in Red Hat build of Quarkus

Multiple vulnerabilities in Oracle Communications Cloud Native Core Network Repository Function

Multiple vulnerabilities in Oracle Communications Cloud Native Core Network Exposure Function

Multiple vulnerabilities in Oracle Communications Cloud Native Core Unified Data Repository

Multiple vulnerabilities in MySQL Connectors