Bug 1173599

Summary: VUL-1: CVE-2020-2875: mysql-connector-java: mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete
Product: [Novell Products] SUSE Security Incidents Reporter: Alexandros Toptsoglou <atoptsoglou>
Component: IncidentsAssignee: Pedro Monreal Gonzalez <pmonrealgonzalez>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/257508/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-2875:4.7:(AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N) CVSSv3.1:SUSE:CVE-2020-2933:2.2:(AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L) CVSSv3.1:SUSE:CVE-2020-2934:5.0:(AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexandros Toptsoglou 2020-07-01 15:46:26 UTC 
CVE-2020-2875

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. 

References:

https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html 	
https://www.debian.org/security/2020/dsa-4703

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1851019
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2875
https://www.oracle.com/security-alerts/cpuapr2020.html
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-2875.html
http://www.debian.org/security/-1/dsa-4703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2875
https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html
Comment 1 Alexandros Toptsoglou 2020-07-01 16:09:46 UTC 
Trackerbug at bsc#1173600

*** This bug has been marked as a duplicate of bug 1173600 ***