Communications Cloud Native Core Binding Support Function
CVE-2023-21971
MEDIUM
Severity by source
AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H
Primary rating from Vendor (oracle) · only source for this CVE.
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).
AnalysisAI
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.
Technical ContextAI
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H). Affected products include: Oracle Communications Cloud Native Core Binding Support Function, Oracle Communications Cloud Native Core Policy, Oracle Mysql Connectors, Netapp Active Iq Unified Manager, Netapp Oncommand Insight.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerabili
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string.
XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerabili
XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerabili
XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerabili
XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerabili
XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerabili
XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerabili
XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerabili
XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerabili
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today