Authorization Bypass

2018-11-2101:26:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

62.1%

JSON

mysql-connector-java is vulnerable to authorization bypass. A low privileged remote attacker with network access via multiple protocols is able to exploit and compromise MySQL connectors leading to a complete takeover of the subcomponent.

CPENameOperatorVersion
mysql connector/jle8.0.12
mysql connector/jle5.1.47
mysql connector/jle8.0.9-rc
mod_xsendfileeq0.12__10.el7ui
mod_xsendfileeq0.12__10.el7
mod_xsendfileeq0.12__10.el7sat
keycloak-httpd-client-installeq0.8__1.el7
keycloak-httpd-client-installeq0.6__3.el7
keycloak-httpd-client-installeq0.4__1.el7ost
keycloak-httpd-client-installeq0.5__1.el7

Name	Operator	Version
mysql connector/j	le	8.0.12
mysql connector/j	le	5.1.47
mysql connector/j	le	8.0.9-rc
mod_xsendfile	eq	0.12__10.el7ui
mod_xsendfile	eq	0.12__10.el7
mod_xsendfile	eq	0.12__10.el7sat
keycloak-httpd-client-install	eq	0.8__1.el7
keycloak-httpd-client-install	eq	0.6__3.el7
keycloak-httpd-client-install	eq	0.4__1.el7ost
keycloak-httpd-client-install	eq	0.5__1.el7