CVE-2019-2692 - OpenCVE

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:H/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Oracle	Mysql Connector\/j

Configuration 1 [-]

cpe:2.3:a:oracle:mysql_connector\/j:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/107925
https://security.netapp.com/advisory/ntap-20190423-0002/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: oracle

Published: 2019-04-23T18:16:44

Updated: 2019-09-30T18:52:09

Reserved: 2018-12-14T00:00:00

Link: CVE-2019-2692

JSON object: View

NVD Information

Status : Modified

Published: 2019-04-23T19:32:55.880

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-2692

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "MySQL Connectors", "vendor": "Oracle Corporation", "versions": [{"status": "affected", "version": "8.0.15 and prior"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)."}], "problemTypes": [{"descriptions": [{"description": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-30T18:52:09", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"name": "107925", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107925"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2019-2692", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MySQL Connectors", "version": {"version_data": [{"version_affected": "=", "version_value": "8.0.15 and prior"}]}}]}, "vendor_name": "Oracle Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors."}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"name": "107925", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107925"}, {"name": "https://security.netapp.com/advisory/ntap-20190423-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"}]}}}}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2019-2692", "datePublished": "2019-04-23T18:16:44", "dateReserved": "2018-12-14T00:00:00", "dateUpdated": "2019-09-30T18:52:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mysql_connector\\/j:*:*:*:*:*:*:*:*", "matchCriteriaId": "955A3C34-8849-4811-BAD1-4F055FAC3379", "versionEndIncluding": "8.0.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el componente MySQL Connectors de Oracle MySQL (subcomponente: Connector/J). Las versiones compatibles que se ven afectadas son 8.0.15 y anteriores. Vulnerabilidad dif\u00edcil de operaci\u00f3n que permite a un atacante muy privilegiado iniciar sesi\u00f3n en la infraestructura donde se ejecuta MySQL connectors y comprometer a MySQL Connectors. Los ataques con \u00e9xito requieren la interacci\u00f3n humana con otra persona distinta al atacante. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la apropiaci\u00f3n de MySQL Connectors. CVSS 3.0 Puntuaci\u00f3n Base 6.3 (impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:h/PR:h/UI:R/S:U/C:h/I:h/A.)."}], "id": "CVE-2019-2692", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 1.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-23T19:32:55.880", "references": [{"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/107925"}, {"source": "secalert_us@oracle.com", "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}