CVE-2023-21971

Description

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).

Oracle
Severity: MEDIUM
CVE ID: CVE-2023-21971
CVSS Score: 5.3
CVSS Metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

Refrence: NVD MITRE

Proof Of Concept

Avento

CVE-2023-21971 Connector/J RCE Analysis分析

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept