Introduction

A new vulnerability, CVE-2023-21971, has been discovered in the MySQL Connectors product of Oracle MySQL (Connector/J). It affects supported versions 8.0.32 and prior. With a CVSS 3.1 Base Score of 5.3, this vulnerability has the potential to impact confidentiality, integrity, and availability.

Exploit Details

This vulnerability may allow a highly privileged attacker with network access via multiple protocols to compromise MySQL Connectors. It is important to note that successful attacks require human interaction from a person other than the attacker. Successful exploitation can give the attacker the unauthorized ability to cause a hang or a frequently repeatable crash, that is, a complete Denial of Service (DoS) of MySQL Connectors. In addition, unauthorized update, insert, or delete access to some of MySQL Connectors' accessible data, as well as unauthorized read access to a subset of MySQL Connectors' accessible data, is possible.

CVSS Vector

The CVSS Vector for this vulnerability is as follows: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

Code Snippet

Though specific exploit code cannot be provided for security reasons, it is crucial that affected users review the Original Advisory from Oracle and follow the recommended steps to secure their systems.

Mitigation

To guard against this vulnerability, administrators are advised to update their installations to the latest supported version, MySQL Connector/J 8.0.33 or later. Refer to the Oracle Critical Patch Update Advisory for further information on securing your systems.

For those using the affected versions (8.0.32 and prior), it is strongly recommended to restrict network access, apply the appropriate patches, and consider implementing the Principle of Least Privilege in managing user access to the system.
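The first practical step in the mitigation above is finding out which Connector/J version an application actually ships. The following script is an added example, not code from Oracle or from this advisory: it audits a Maven pom.xml for the Connector/J dependency, resolves a ${property} version reference, and flags any version below 8.0.33 as affected, matching the "8.0.32 and prior" statement above. The Maven coordinates com.mysql:mysql-connector-j (current) and mysql:mysql-connector-java (legacy) are the real published coordinates; the pom.xml embedded below is constructed for the demonstration.

```python
"""Audit a Maven pom.xml for a vulnerable MySQL Connector/J dependency.

Added example (not Oracle's code). The sample pom at the bottom is constructed;
the Maven coordinates are the real published ones for Connector/J.
"""
import re
import xml.etree.ElementTree as ET

# First version the advisory names as patched for CVE-2023-21971.
FIXED_VERSION = (8, 0, 33)

# Both coordinate sets under which Connector/J has been published.
CONNECTOR_ARTIFACTS = {
    ("com.mysql", "mysql-connector-j"),   # current coordinates
    ("mysql", "mysql-connector-java"),    # legacy coordinates
}


def parse_version(text):
    """Turn '8.0.32' into (8, 0, 32); trailing qualifiers such as '-SNAPSHOT' are ignored."""
    m = re.match(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_vulnerable(version):
    """True for Connector/J 8.0.32 and prior, as the advisory states."""
    return parse_version(version) < FIXED_VERSION


def _local(tag):
    """Strip the XML namespace Maven POMs carry, leaving the local tag name."""
    return tag.split("}", 1)[-1]


def find_connector_dependencies(pom_xml):
    """Return (groupId, artifactId, version) for every Connector/J entry in a pom."""
    root = ET.fromstring(pom_xml)

    # Collect <properties> so that <version>${mysql.version}</version> can be resolved.
    props = {}
    for el in root.iter():
        if _local(el.tag) == "properties":
            for p in el:
                props[_local(p.tag)] = (p.text or "").strip()

    results = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        key = (fields.get("groupId"), fields.get("artifactId"))
        if key in CONNECTOR_ARTIFACTS:
            version = fields.get("version", "")
            version = re.sub(r"\$\{([^}]+)\}",
                             lambda m: props.get(m.group(1), m.group(0)), version)
            results.append((key[0], key[1], version))
    return results


def audit_pom(pom_xml):
    """Return a list of (coordinates, version, affected?) findings for the pom."""
    return [(f"{g}:{a}", v, is_vulnerable(v))
            for g, a, v in find_connector_dependencies(pom_xml)]


# Constructed sample pom: pins Connector/J to the last affected release via a property.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>app</artifactId>
  <version>1.0</version>
  <properties>
    <mysql.version>8.0.32</mysql.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>com.mysql</groupId>
      <artifactId>mysql-connector-j</artifactId>
      <version>${mysql.version}</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>2.0.7</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for coords, version, affected in audit_pom(SAMPLE_POM):
        status = "AFFECTED by CVE-2023-21971, update to 8.0.33 or later" if affected else "ok"
        print(f"{coords} {version}: {status}")
```

Run it against a real pom.xml by reading the file into audit_pom(); the same version comparison can be applied to the Implementation-Version in a bundled jar's manifest where the build does not use Maven.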

Conclusion

CVE-2023-21971 highlights the importance of staying up-to-date with software versions and continually monitoring for emerging threats. By updating to the latest MySQL Connectors supported version and following the advice provided by Oracle, you can help minimize the risk posed by this vulnerability and protect your organization's data and systems. Stay informed and stay secure.

Timeline

Published on: 04/18/2023 20:15:00 UTC
Last modified on: 04/27/2023 15:15:00 UTC