CVE-2023-21971

MEDIUM

Oracle MySQL Connector/J <8.0.32 - Privilege Escalation

Title source: llm
STIX 2.1

Description

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).

Exploits (1)

nomisec WORKING POC 3 stars
by Avento · poc
https://github.com/Avento/CVE-2023-21971_Analysis

References (4)

Core 4

Scores

CVSS v3 5.3
EPSS 0.0014
EPSS Percentile 33.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (8)
netapp/active_iq_unified_manager (3 CPE variants)
netapp/oncommand_insight
netapp/snapcenter
oracle/communications_cloud_native_core_binding_support_function 22.4.0
oracle/communications_cloud_native_core_binding_support_function 23.1.0
oracle/communications_cloud_native_core_policy 22.4.0
oracle/communications_cloud_native_core_policy 23.1.0
oracle/mysql_connectors 8.0.0 - 8.0.32
Published Apr 18, 2023
Tracked Since Feb 18, 2026