Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/161553?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/161553?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.10", "type": "maven", "namespace": "mysql", "name": "mysql-connector-java", "version": "5.1.10", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57116?format=api", "vulnerability_id": "VCID-28f6-ud4w-aug9", "summary": "Multiple vulnerabilities have been found in MySQL, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2934.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2934.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-2934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36828", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36862", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36985", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.37019", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36848", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36899", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36914", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36922", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36887", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-2934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:45Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:45Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:45Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4703", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:45Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4703" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:45Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:45Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014", "reference_id": "1851014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_connector\\/j:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:mysql_connector\\/j:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_connector\\/j:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934", "reference_id": "CVE-2020-2934", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934" }, { "reference_url": "https://security.gentoo.org/glsa/202105-27", "reference_id": "GLSA-202105-27", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:45Z/" } ], "url": "https://security.gentoo.org/glsa/202105-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4960", "reference_id": "RHSA-2020:4960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4961", "reference_id": "RHSA-2020:4961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/178980?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.49", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7v7q-8wa6-hff5" }, { "vulnerability": "VCID-e37q-8shh-v7aw" }, { "vulnerability": "VCID-ht8v-kvcr-77ds" }, { "vulnerability": "VCID-xap5-du1j-c7ed" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.49" }, { "url": "http://public2.vulnerablecode.io/api/packages/204919?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@8.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4w4j-hadb-w3e6" }, { "vulnerability": "VCID-e37q-8shh-v7aw" }, { "vulnerability": "VCID-xap5-du1j-c7ed" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@8.0.20" } ], "aliases": [ "CVE-2020-2934" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-28f6-ud4w-aug9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55944?format=api", "vulnerability_id": "VCID-3j8x-ev9x-1kh1", "summary": "Improper Access Control in MySQL Connectors Java\nUnspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2575.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2575.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.82689", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.82694", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.82617", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.82634", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.82677", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.82648", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.8267", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.82644", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.82684", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2575" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2575" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20150417-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20150417-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20150417-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20150417-0003/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3621", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3621" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212764", "reference_id": "1212764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212764" }, { "reference_url": "https://github.com/advisories/GHSA-gc43-g62c-99g2", "reference_id": "GHSA-gc43-g62c-99g2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gc43-g62c-99g2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82823?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28f6-ud4w-aug9" }, { "vulnerability": "VCID-7v7q-8wa6-hff5" }, { "vulnerability": "VCID-e37q-8shh-v7aw" }, { "vulnerability": "VCID-ht8v-kvcr-77ds" }, { "vulnerability": "VCID-rwme-t5cx-vub3" }, { "vulnerability": "VCID-u33b-3n5s-4qfv" }, { "vulnerability": "VCID-ucu7-scqc-nkcc" }, { "vulnerability": "VCID-un2e-gea1-xue9" }, { "vulnerability": "VCID-xap5-du1j-c7ed" }, { "vulnerability": "VCID-xpjh-mszn-buag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.35" } ], "aliases": [ "CVE-2015-2575", "GHSA-gc43-g62c-99g2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3j8x-ev9x-1kh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9951?format=api", "vulnerability_id": "VCID-7v7q-8wa6-hff5", "summary": "Improper Access Control\nA vulnerability in the MySQL Connectors component of Oracle MySQL exists. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1545", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1545" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3258.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3258.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-3258", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04126", "scoring_system": "epss", "scoring_elements": "0.88634", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04126", "scoring_system": "epss", "scoring_elements": "0.88583", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04126", "scoring_system": "epss", "scoring_elements": "0.88592", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04126", "scoring_system": "epss", "scoring_elements": "0.88639", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04126", "scoring_system": "epss", "scoring_elements": "0.88638", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04126", "scoring_system": "epss", "scoring_elements": "0.88646", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04126", "scoring_system": "epss", "scoring_elements": "0.88609", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04126", "scoring_system": "epss", "scoring_elements": "0.88611", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04126", "scoring_system": "epss", "scoring_elements": "0.88629", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-3258" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181018-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20181018-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181018-0002/", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "http://www.securityfocus.com/bid/105589", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/" } ], "url": "http://www.securityfocus.com/bid/105589" }, { "reference_url": "http://www.securitytracker.com/id/1041888", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/" } ], "url": "http://www.securitytracker.com/id/1041888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640615", "reference_id": "1640615", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640615" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3258", "reference_id": "CVE-2018-3258", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3258" }, { "reference_url": "https://github.com/advisories/GHSA-4vrv-ch96-6h42", "reference_id": "GHSA-4vrv-ch96-6h42", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4vrv-ch96-6h42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4366", "reference_id": "RHSA-2020:4366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32011?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@8.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28f6-ud4w-aug9" }, { "vulnerability": "VCID-4w4j-hadb-w3e6" }, { "vulnerability": "VCID-e37q-8shh-v7aw" }, { "vulnerability": "VCID-ht8v-kvcr-77ds" }, { "vulnerability": "VCID-u33b-3n5s-4qfv" }, { "vulnerability": "VCID-xap5-du1j-c7ed" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@8.0.13" } ], "aliases": [ "CVE-2018-3258", "GHSA-4vrv-ch96-6h42" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7v7q-8wa6-hff5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12225?format=api", "vulnerability_id": "VCID-e37q-8shh-v7aw", "summary": "Unknown Vulnerability\nVulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21363.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21363.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.7715", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77081", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77113", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77123", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77129", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77069", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77125", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77098", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21363" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-24T17:38:01Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", "reference_id": "2047343", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "reference_id": "CVE-2022-21363", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "reference_url": "https://github.com/advisories/GHSA-g76j-4cxx-23h9", "reference_id": "GHSA-g76j-4cxx-23h9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g76j-4cxx-23h9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4623", "reference_id": "RHSA-2022:4623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4918", "reference_id": "RHSA-2022:4918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4919", "reference_id": "RHSA-2022:4919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4922", "reference_id": "RHSA-2022:4922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/43512?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@8.0.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xap5-du1j-c7ed" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@8.0.28" } ], "aliases": [ "CVE-2022-21363", "GHSA-g76j-4cxx-23h9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e37q-8shh-v7aw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10596?format=api", "vulnerability_id": "VCID-ht8v-kvcr-77ds", "summary": "Improper Input Validation\nDifficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and can result in takeover of MySQL Connectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2692.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2692.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-2692", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77123", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77061", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77067", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77096", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77079", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77112", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77121", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77148", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77128", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-2692" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190423-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190423-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190423-0002/", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:48Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-MYSQL-174574", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JAVA-MYSQL-174574" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:48Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "http://www.securityfocus.com/bid/107925", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:48Z/" } ], "url": "http://www.securityfocus.com/bid/107925" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703402", "reference_id": "1703402", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703402" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2692", "reference_id": "CVE-2019-2692", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2692" }, { "reference_url": "https://github.com/advisories/GHSA-jcq3-cprp-m333", "reference_id": "GHSA-jcq3-cprp-m333", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jcq3-cprp-m333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5568", "reference_id": "RHSA-2020:5568", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5568" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36213?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@8.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28f6-ud4w-aug9" }, { "vulnerability": "VCID-4w4j-hadb-w3e6" }, { "vulnerability": "VCID-e37q-8shh-v7aw" }, { "vulnerability": "VCID-xap5-du1j-c7ed" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@8.0.16" } ], "aliases": [ "CVE-2019-2692", "GHSA-jcq3-cprp-m333" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ht8v-kvcr-77ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7899?format=api", "vulnerability_id": "VCID-rwme-t5cx-vub3", "summary": "Incorrect Privilege Assignment\nDifficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3523.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3523.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3523", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01646", "scoring_system": "epss", "scoring_elements": "0.81972", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01646", "scoring_system": "epss", "scoring_elements": "0.81977", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01646", "scoring_system": "epss", "scoring_elements": "0.81989", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01646", "scoring_system": "epss", "scoring_elements": "0.81969", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01646", "scoring_system": "epss", "scoring_elements": "0.81961", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01646", "scoring_system": "epss", "scoring_elements": "0.81935", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01646", "scoring_system": "epss", "scoring_elements": "0.81939", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01646", "scoring_system": "epss", "scoring_elements": "0.81905", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01646", "scoring_system": "epss", "scoring_elements": "0.81916", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3523" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:P" }, { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3840", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:40Z/" } ], "url": "http://www.debian.org/security/2017/dsa-3840" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:40Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "reference_url": "http://www.securityfocus.com/bid/97982", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:40Z/" } ], "url": "http://www.securityfocus.com/bid/97982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444759", "reference_id": "1444759", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444759" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:connector\\/j:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:connector\\/j:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:connector\\/j:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3523", "reference_id": "CVE-2017-3523", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "8.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3523" }, { "reference_url": "https://github.com/advisories/GHSA-2xxh-f8r3-hvvr", "reference_id": "GHSA-2xxh-f8r3-hvvr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2xxh-f8r3-hvvr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24115?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.41", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28f6-ud4w-aug9" }, { "vulnerability": "VCID-7v7q-8wa6-hff5" }, { "vulnerability": "VCID-e37q-8shh-v7aw" }, { "vulnerability": "VCID-ht8v-kvcr-77ds" }, { "vulnerability": "VCID-u33b-3n5s-4qfv" }, { "vulnerability": "VCID-ucu7-scqc-nkcc" }, { "vulnerability": "VCID-un2e-gea1-xue9" }, { "vulnerability": "VCID-xap5-du1j-c7ed" }, { "vulnerability": "VCID-xpjh-mszn-buag" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.41" } ], "aliases": [ "CVE-2017-3523", "GHSA-2xxh-f8r3-hvvr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rwme-t5cx-vub3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57094?format=api", "vulnerability_id": "VCID-u33b-3n5s-4qfv", "summary": "Multiple vulnerabilities have been found in MySQL, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2875.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2875.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-2875", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71745", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71803", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71753", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71771", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71746", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71785", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.71796", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.7182", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-2875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:02:06Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:02:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:02:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4703", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:02:06Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4703" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:02:06Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019", "reference_id": "1851019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_connector\\/j:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:mysql_connector\\/j:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_connector\\/j:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875", "reference_id": "CVE-2020-2875", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:N" }, { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875" }, { "reference_url": "https://security.gentoo.org/glsa/202105-27", "reference_id": "GLSA-202105-27", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:02:06Z/" } ], "url": "https://security.gentoo.org/glsa/202105-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4960", "reference_id": "RHSA-2020:4960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4961", "reference_id": "RHSA-2020:4961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/178980?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.49", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7v7q-8wa6-hff5" }, { "vulnerability": "VCID-e37q-8shh-v7aw" }, { "vulnerability": "VCID-ht8v-kvcr-77ds" }, { "vulnerability": "VCID-xap5-du1j-c7ed" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.49" }, { "url": "http://public2.vulnerablecode.io/api/packages/36212?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@8.0.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28f6-ud4w-aug9" }, { "vulnerability": "VCID-4w4j-hadb-w3e6" }, { "vulnerability": "VCID-e37q-8shh-v7aw" }, { "vulnerability": "VCID-ht8v-kvcr-77ds" }, { "vulnerability": "VCID-xap5-du1j-c7ed" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@8.0.15" } ], "aliases": [ "CVE-2020-2875" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u33b-3n5s-4qfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57115?format=api", "vulnerability_id": "VCID-ucu7-scqc-nkcc", "summary": "Multiple vulnerabilities have been found in MySQL, the worst of\n which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2933.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2933.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-2933", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72642", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72694", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.7265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72667", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72645", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72684", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72697", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72721", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72704", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-2933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:47Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:47Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:47Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4703", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:47Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4703" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:47Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022", "reference_id": "1851022", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_connector\\/j:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:mysql_connector\\/j:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_connector\\/j:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933", "reference_id": "CVE-2020-2933", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:N/A:P" }, { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933" }, { "reference_url": "https://security.gentoo.org/glsa/202105-27", "reference_id": "GLSA-202105-27", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:47Z/" } ], "url": "https://security.gentoo.org/glsa/202105-27" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4960", "reference_id": "RHSA-2020:4960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4961", "reference_id": "RHSA-2020:4961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4961" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/178980?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.49", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7v7q-8wa6-hff5" }, { "vulnerability": "VCID-e37q-8shh-v7aw" }, { "vulnerability": "VCID-ht8v-kvcr-77ds" }, { "vulnerability": "VCID-xap5-du1j-c7ed" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.49" } ], "aliases": [ "CVE-2020-2933" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ucu7-scqc-nkcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7900?format=api", "vulnerability_id": "VCID-un2e-gea1-xue9", "summary": "Incorrect Privilege Assignment\nEasily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3589.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3589.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37775", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37673", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37855", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.3788", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37759", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37809", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37822", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37836", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.378", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3589" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3586", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3586" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3857", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:31Z/" } ], "url": "http://www.debian.org/security/2017/dsa-3857" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:31Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "reference_url": "http://www.securityfocus.com/bid/97836", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:31Z/" } ], "url": "http://www.securityfocus.com/bid/97836" }, { "reference_url": "http://www.securitytracker.com/id/1038287", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:31Z/" } ], "url": "http://www.securitytracker.com/id/1038287" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444407", "reference_id": "1444407", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444407" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:connector\\/j:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:connector\\/j:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:connector\\/j:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3589", "reference_id": "CVE-2017-3589", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3589" }, { "reference_url": "https://github.com/advisories/GHSA-cjcf-wm2p-59h5", "reference_id": "GHSA-cjcf-wm2p-59h5", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cjcf-wm2p-59h5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24116?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.42", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28f6-ud4w-aug9" }, { "vulnerability": "VCID-7v7q-8wa6-hff5" }, { "vulnerability": "VCID-e37q-8shh-v7aw" }, { "vulnerability": "VCID-ht8v-kvcr-77ds" }, { "vulnerability": "VCID-u33b-3n5s-4qfv" }, { "vulnerability": "VCID-ucu7-scqc-nkcc" }, { "vulnerability": "VCID-xap5-du1j-c7ed" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.42" } ], "aliases": [ "CVE-2017-3589", "GHSA-cjcf-wm2p-59h5" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-un2e-gea1-xue9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19502?format=api", "vulnerability_id": "VCID-xap5-du1j-c7ed", "summary": "Improper Access Control\nVulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22102.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22102.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22102", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.87594", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.87597", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.87549", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.87562", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.87565", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.87584", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.87601", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.8759", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22102" }, { "reference_url": "https://github.com/mysql/mysql-connector-j", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mysql/mysql-connector-j" }, { "reference_url": "https://github.com/mysql/mysql-connector-j/compare/8.1.0...8.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mysql/mysql-connector-j/compare/8.1.0...8.2.0" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231027-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231027-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231027-0007/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:27:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231027-0007/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:27:01Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2023.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256474", "reference_id": "2256474", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256474" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22102", "reference_id": "CVE-2023-22102", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22102" }, { "reference_url": "https://github.com/advisories/GHSA-m6vm-37g8-gqvh", "reference_id": "GHSA-m6vm-37g8-gqvh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6vm-37g8-gqvh" } ], "fixed_packages": [], "aliases": [ "CVE-2023-22102", "GHSA-m6vm-37g8-gqvh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xap5-du1j-c7ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7897?format=api", "vulnerability_id": "VCID-xpjh-mszn-buag", "summary": "Privilege\nAn easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3586.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3586.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3586", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74093", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74045", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74051", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74077", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74049", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74082", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74097", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74118", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.741", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3586" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3586", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3586" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3857", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:34Z/" } ], "url": "http://www.debian.org/security/2017/dsa-3857" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:34Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "reference_url": "http://www.securityfocus.com/bid/97784", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:34Z/" } ], "url": "http://www.securityfocus.com/bid/97784" }, { "reference_url": "http://www.securityfocus.com/bid/97982", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:34Z/" } ], "url": "http://www.securityfocus.com/bid/97982" }, { "reference_url": "http://www.securitytracker.com/id/1038287", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:34Z/" } ], "url": "http://www.securitytracker.com/id/1038287" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444406", "reference_id": "1444406", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444406" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3586", "reference_id": "CVE-2017-3586", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:N" }, { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3586" }, { "reference_url": "https://github.com/advisories/GHSA-pwh7-92h3-mqr6", "reference_id": "GHSA-pwh7-92h3-mqr6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pwh7-92h3-mqr6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24116?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.42", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-28f6-ud4w-aug9" }, { "vulnerability": "VCID-7v7q-8wa6-hff5" }, { "vulnerability": "VCID-e37q-8shh-v7aw" }, { "vulnerability": "VCID-ht8v-kvcr-77ds" }, { "vulnerability": "VCID-u33b-3n5s-4qfv" }, { "vulnerability": "VCID-ucu7-scqc-nkcc" }, { "vulnerability": "VCID-xap5-du1j-c7ed" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.42" } ], "aliases": [ "CVE-2017-3586", "GHSA-pwh7-92h3-mqr6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xpjh-mszn-buag" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.10" }