CVE-2023-22102
Public on 2023-10-17
Modified on 2024-06-03
Description
A vulnerability was found in the MySQL Connectors product of Oracle MySQL (component: Connector/J). This issue may allow unauthenticated attackers with network access via multiple protocols to compromise MySQL Connectors. CVE-2023-22102 can be mitigated by not establishing unencrypted connections over untrusted networks. We do not plan to provide a fix for mysql-connector-java in Amazon Linux 2.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | mysql-connector-java | No Fix Planned | ||
| Amazon Linux 2 - Core | mysql-connector-java | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.8 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L |
| NVD | CVSSv3 | 8.3 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |