Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistApacheCVELIST:CVE-2022-45347
HistoryDec 22, 2022 - 10:47 a.m.

CVE-2022-45347 Apache ShardingSphere-Proxy: MySQL authentication bypass

2022-12-2210:47:44
CWE-459
apache
www.cve.org
1
apache
shardingsphere-proxy
mysql
authentication bypass
fix
cve-2022-45347

AI Score

9.9

Confidence

High

EPSS

0.03

Percentile

91.0%

JSON

Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn’t cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apache ShardingSphere 5.3.0.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache ShardingSphere-Proxy",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "5.3.0",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]

Related

veracode 1
prion 1
github 1
cve 1
nvd 1
osv 2
veracode
veracode
Arbitrary Command Execution
2022-12-27 08:59:23
prion
prion
Authentication flaw
2022-12-22 11:15:00
github
github
Apache ShardingSphere-Proxy Incomplete Cleanup vulnerability
2022-12-22 12:30:16
cve
cve
CVE-2022-45347
2022-12-22 11:15:09
nvd
nvd
CVE-2022-45347
2022-12-22 11:15:09
osv
osv
Apache ShardingSphere-Proxy Incomplete Cleanup vulnerability
2022-12-22 12:30:16
CVE-2022-45347
2022-12-22 11:15:09

AI Score

9.9

Confidence

High

EPSS

0.03

Percentile

91.0%

JSON
Related for CVELIST:CVE-2022-45347
veracode1prion1github1cve1nvd1osv2