CVE-2021-2471

high-risk

Published 2021-10-20

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).

Do I need to act?

63.8% chance of exploitation in next 30 days

EPSS score — higher than 36% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (6)

Communications Cloud Native Core Console

Communications Cloud Native Core Network Slice Selection Function

Communications Cloud Native Core Policy

Communications Cloud Native Core Security Edge Protection Proxy

Mysql Connectors

Quarkus

Affected Vendors

Oracle Quarkus

References (4)

Vendor Advisory https://www.oracle.com/security-alerts/cpuapr2022.html

Vendor Advisory https://www.oracle.com/security-alerts/cpuoct2021.html

Vendor Advisory https://www.oracle.com/security-alerts/cpuapr2022.html

Vendor Advisory https://www.oracle.com/security-alerts/cpuoct2021.html

/ 100

high-risk

Severity 18/34 · Moderate

Exploitability 19/34 · Moderate

Exposure 13/34 · Low