Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2023-21971

Disclosure Date: April 18, 2023 •

CVE-2023-21971 CVSS v3 Base Score: 5.3

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.3 Medium

Impact Score:

4.7

Exploitability Score:

0.5

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

High

Privileges Required (PR):

High

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

Low

Integrity (I):

Low

Availability (A):

High

Vendors

netapp,
oracle

Products

active iq unified manager -,
communications cloud native core binding support function 22.4.0,
communications cloud native core binding support function 23.1.0,
communications cloud native core policy 22.4.0,
communications cloud native core policy 23.1.0,
mysql connectors,
oncommand insight -,
snapcenter -

References

Canonical

CVE-2023-21971 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21971)

Exploit

PoCs that have not been added by contributors directly have been sourced from: nomi-sec/PoC-in-GitHub.
A PoC added here by the AKB Worker must have at least 2 GitHub stars.

CVE-2023-21971_Analysis (https://github.com/Avento/CVE-2023-21971_Analysis) (Added by AKB Worker)

Miscellaneous

https://www.oracle.com/security-alerts/cpuapr2023.html

https://security.netapp.com/advisory/ntap-20230427-0007/

https://security.netapp.com/advisory/ntap-20230427-0010/

https://www.oracle.com/security-alerts/cpujul2023.html

Rapid7

Unknown

CVE-2023-21971

Unknown

Unknown

Required

High

Network

CVE-2023-21971

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Exploit

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2023-21971

Unknown

Unknown

Required

High

Network

CVE-2023-21971

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Exploit

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification