#VU82144 Improper input validation in MySQL Connectors


Published: 2023-10-17

Vulnerability identifier: #VU82144

Vulnerability risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22102

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MySQL Connectors
Hardware solutions / Drivers

Vendor: Oracle

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Connector/J component in MySQL Connectors. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MySQL Connectors: 8.0.7 - 8.1.0

External links
http://www.oracle.com/security-alerts/cpuoct2023.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Improper input validation in IBM Event Processing
Multiple vulnerabilities in Red Hat build of Quarkus
Multiple vulnerabilities in Oracle Communications Cloud Native Core Network Repository Function
Multiple vulnerabilities in Oracle Communications Cloud Native Core Network Exposure Function
Multiple vulnerabilities in Oracle Communications Cloud Native Core Unified Data Repository
Multiple vulnerabilities in MySQL Connectors