Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/210171?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/210171?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.24", "type": "maven", "namespace": "mysql", "name": "mysql-connector-java", "version": "5.1.24", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52520?format=api", "vulnerability_id": "VCID-72nd-w2gx-d3f3", "summary": "Channel Accessible by Non-Endpoint\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2875.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2875.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-2875", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.7219", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.72203", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.72232", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.72238", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.72217", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-2875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:02:06Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019", "reference_id": "1851019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851019" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/", "reference_id": "4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:02:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875", "reference_id": "CVE-2020-2875", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2875" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4703", "reference_id": "dsa-4703", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:02:06Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4703" }, { "reference_url": "https://security.gentoo.org/glsa/202105-27", "reference_id": "GLSA-202105-27", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:02:06Z/" } ], "url": "https://security.gentoo.org/glsa/202105-27" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/", "reference_id": "MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:02:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:02:06Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4960", "reference_id": "RHSA-2020:4960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4961", "reference_id": "RHSA-2020:4961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77122?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.49", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-feuw-5bef-mkd8" }, { "vulnerability": "VCID-j1qe-t57w-tkdx" }, { "vulnerability": "VCID-k4f8-83mc-t3h4" }, { "vulnerability": "VCID-ked3-zdsm-quf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.49" }, { "url": "http://public2.vulnerablecode.io/api/packages/57893?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@8.0.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4d6p-3e9z-kff5" }, { "vulnerability": "VCID-feuw-5bef-mkd8" }, { "vulnerability": "VCID-gywz-fwqc-bfgh" }, { "vulnerability": "VCID-k4f8-83mc-t3h4" }, { "vulnerability": "VCID-ked3-zdsm-quf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@8.0.15" } ], "aliases": [ "CVE-2020-2875" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-72nd-w2gx-d3f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111628?format=api", "vulnerability_id": "VCID-b4bp-ysqr-57d8", "summary": "Improper Access Control in MySQL Connectors Java\nUnspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00089.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2575.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2575.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.83056", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.83048", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.83033", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.83059", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2575" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2575", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2575" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20150417-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20150417-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20150417-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20150417-0003/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3621", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3621" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212764", "reference_id": "1212764", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212764" }, { "reference_url": "https://github.com/advisories/GHSA-gc43-g62c-99g2", "reference_id": "GHSA-gc43-g62c-99g2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gc43-g62c-99g2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/153186?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-72nd-w2gx-d3f3" }, { "vulnerability": "VCID-eu3y-cg8j-s3g5" }, { "vulnerability": "VCID-feuw-5bef-mkd8" }, { "vulnerability": "VCID-fp1r-3nxp-ubax" }, { "vulnerability": "VCID-gywz-fwqc-bfgh" }, { "vulnerability": "VCID-j1qe-t57w-tkdx" }, { "vulnerability": "VCID-k4f8-83mc-t3h4" }, { "vulnerability": "VCID-ka2q-xcrg-9ybg" }, { "vulnerability": "VCID-ked3-zdsm-quf3" }, { "vulnerability": "VCID-vb6j-tpuv-tbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.35" } ], "aliases": [ "CVE-2015-2575", "GHSA-gc43-g62c-99g2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4bp-ysqr-57d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38567?format=api", "vulnerability_id": "VCID-eu3y-cg8j-s3g5", "summary": "Privilege\nAn easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3586.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3586.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3586", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74457", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74474", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74486", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.7448", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00802", "scoring_system": "epss", "scoring_elements": "0.74449", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3586" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3586", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3586" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3857", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:34Z/" } ], "url": "http://www.debian.org/security/2017/dsa-3857" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:34Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "reference_url": "http://www.securityfocus.com/bid/97784", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:34Z/" } ], "url": "http://www.securityfocus.com/bid/97784" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444406", "reference_id": "1444406", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444406" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3586", "reference_id": "CVE-2017-3586", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3586" }, { "reference_url": "https://github.com/advisories/GHSA-pwh7-92h3-mqr6", "reference_id": "GHSA-pwh7-92h3-mqr6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pwh7-92h3-mqr6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53522?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.42", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-72nd-w2gx-d3f3" }, { "vulnerability": "VCID-feuw-5bef-mkd8" }, { "vulnerability": "VCID-gywz-fwqc-bfgh" }, { "vulnerability": "VCID-j1qe-t57w-tkdx" }, { "vulnerability": "VCID-k4f8-83mc-t3h4" }, { "vulnerability": "VCID-ka2q-xcrg-9ybg" }, { "vulnerability": "VCID-ked3-zdsm-quf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.42" } ], "aliases": [ "CVE-2017-3586", "GHSA-pwh7-92h3-mqr6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eu3y-cg8j-s3g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40931?format=api", "vulnerability_id": "VCID-feuw-5bef-mkd8", "summary": "Improper Input Validation\nDifficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and can result in takeover of MySQL Connectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2692.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2692.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-2692", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77484", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77468", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77495", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77504", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-2692" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190423-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190423-0002" }, { "reference_url": "https://snyk.io/vuln/SNYK-JAVA-MYSQL-174574", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-JAVA-MYSQL-174574" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:48Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "http://www.securityfocus.com/bid/107925", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:48Z/" } ], "url": "http://www.securityfocus.com/bid/107925" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703402", "reference_id": "1703402", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703402" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2692", "reference_id": "CVE-2019-2692", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2692" }, { "reference_url": "https://github.com/advisories/GHSA-jcq3-cprp-m333", "reference_id": "GHSA-jcq3-cprp-m333", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jcq3-cprp-m333" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190423-0002/", "reference_id": "ntap-20190423-0002", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T15:55:48Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190423-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5568", "reference_id": "RHSA-2020:5568", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5568" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57894?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@8.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4d6p-3e9z-kff5" }, { "vulnerability": "VCID-gywz-fwqc-bfgh" }, { "vulnerability": "VCID-k4f8-83mc-t3h4" }, { "vulnerability": "VCID-ked3-zdsm-quf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@8.0.16" } ], "aliases": [ "CVE-2019-2692", "GHSA-jcq3-cprp-m333" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-feuw-5bef-mkd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38569?format=api", "vulnerability_id": "VCID-fp1r-3nxp-ubax", "summary": "Incorrect Privilege Assignment\nEasily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3589.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3589.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37481", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37521", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37553", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.3755", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37456", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3589" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3586", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3586" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3857", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:31Z/" } ], "url": "http://www.debian.org/security/2017/dsa-3857" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:31Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "reference_url": "http://www.securityfocus.com/bid/97836", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T15:44:31Z/" } ], "url": "http://www.securityfocus.com/bid/97836" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444407", "reference_id": "1444407", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444407" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3589", "reference_id": "CVE-2017-3589", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3589" }, { "reference_url": "https://github.com/advisories/GHSA-cjcf-wm2p-59h5", "reference_id": "GHSA-cjcf-wm2p-59h5", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cjcf-wm2p-59h5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53522?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.42", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-72nd-w2gx-d3f3" }, { "vulnerability": "VCID-feuw-5bef-mkd8" }, { "vulnerability": "VCID-gywz-fwqc-bfgh" }, { "vulnerability": "VCID-j1qe-t57w-tkdx" }, { "vulnerability": "VCID-k4f8-83mc-t3h4" }, { "vulnerability": "VCID-ka2q-xcrg-9ybg" }, { "vulnerability": "VCID-ked3-zdsm-quf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.42" } ], "aliases": [ "CVE-2017-3589", "GHSA-cjcf-wm2p-59h5" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fp1r-3nxp-ubax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52521?format=api", "vulnerability_id": "VCID-gywz-fwqc-bfgh", "summary": "Channel Accessible by Non-Endpoint\nDifficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DoS) of MySQL Connectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2934.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2934.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-2934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64041", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64069", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64083", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64091", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00452", "scoring_system": "epss", "scoring_elements": "0.64081", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-2934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:45Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014", "reference_id": "1851014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851014" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/", "reference_id": "4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:45Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934", "reference_id": "CVE-2020-2934", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2934" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4703", "reference_id": "dsa-4703", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:45Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4703" }, { "reference_url": "https://security.gentoo.org/glsa/202105-27", "reference_id": "GLSA-202105-27", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:45Z/" } ], "url": "https://security.gentoo.org/glsa/202105-27" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/", "reference_id": "MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:45Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:45Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4960", "reference_id": "RHSA-2020:4960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4961", "reference_id": "RHSA-2020:4961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77122?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.49", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-feuw-5bef-mkd8" }, { "vulnerability": "VCID-j1qe-t57w-tkdx" }, { "vulnerability": "VCID-k4f8-83mc-t3h4" }, { "vulnerability": "VCID-ked3-zdsm-quf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.49" }, { "url": "http://public2.vulnerablecode.io/api/packages/77124?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@8.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4d6p-3e9z-kff5" }, { "vulnerability": "VCID-k4f8-83mc-t3h4" }, { "vulnerability": "VCID-ked3-zdsm-quf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@8.0.20" } ], "aliases": [ "CVE-2020-2934" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gywz-fwqc-bfgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40332?format=api", "vulnerability_id": "VCID-j1qe-t57w-tkdx", "summary": "Improper Access Control\nA vulnerability in the MySQL Connectors component of Oracle MySQL exists. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1545", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1545" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3258.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3258.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-3258", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04126", "scoring_system": "epss", "scoring_elements": "0.88846", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.04126", "scoring_system": "epss", "scoring_elements": "0.88844", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.04126", "scoring_system": "epss", "scoring_elements": "0.88843", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.04126", "scoring_system": "epss", "scoring_elements": "0.88829", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-3258" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181018-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20181018-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181018-0002/", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "http://www.securityfocus.com/bid/105589", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/" } ], "url": "http://www.securityfocus.com/bid/105589" }, { "reference_url": "http://www.securitytracker.com/id/1041888", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T18:16:07Z/" } ], "url": "http://www.securitytracker.com/id/1041888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640615", "reference_id": "1640615", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1640615" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3258", "reference_id": "CVE-2018-3258", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3258" }, { "reference_url": "https://github.com/advisories/GHSA-4vrv-ch96-6h42", "reference_id": "GHSA-4vrv-ch96-6h42", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4vrv-ch96-6h42" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4366", "reference_id": "RHSA-2020:4366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56743?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@8.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4d6p-3e9z-kff5" }, { "vulnerability": "VCID-72nd-w2gx-d3f3" }, { "vulnerability": "VCID-feuw-5bef-mkd8" }, { "vulnerability": "VCID-gywz-fwqc-bfgh" }, { "vulnerability": "VCID-k4f8-83mc-t3h4" }, { "vulnerability": "VCID-ked3-zdsm-quf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@8.0.13" } ], "aliases": [ "CVE-2018-3258", "GHSA-4vrv-ch96-6h42" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j1qe-t57w-tkdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42102?format=api", "vulnerability_id": "VCID-k4f8-83mc-t3h4", "summary": "Unknown Vulnerability\nVulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21363.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21363.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73628", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73588", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73601", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73624", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00754", "scoring_system": "epss", "scoring_elements": "0.73615", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21363" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-24T17:38:01Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343", "reference_id": "2047343", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "reference_id": "CVE-2022-21363", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "reference_url": "https://github.com/advisories/GHSA-g76j-4cxx-23h9", "reference_id": "GHSA-g76j-4cxx-23h9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g76j-4cxx-23h9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4623", "reference_id": "RHSA-2022:4623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4918", "reference_id": "RHSA-2022:4918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4919", "reference_id": "RHSA-2022:4919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4922", "reference_id": "RHSA-2022:4922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60203?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@8.0.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ked3-zdsm-quf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@8.0.28" } ], "aliases": [ "CVE-2022-21363", "GHSA-g76j-4cxx-23h9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4f8-83mc-t3h4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52522?format=api", "vulnerability_id": "VCID-ka2q-xcrg-9ybg", "summary": "Uncontrolled Resource Consumption\nDifficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DoS) of MySQL Connectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2933.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2933.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-2933", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.73075", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.73088", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.73113", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.73119", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.73101", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-2933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2934" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:47Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022", "reference_id": "1851022", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851022" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/", "reference_id": "4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:47Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QDR2WOUETBT76WAO5NNCCXSAM3AGG3D/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933", "reference_id": "CVE-2020-2933", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2933" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4703", "reference_id": "dsa-4703", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:47Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4703" }, { "reference_url": "https://security.gentoo.org/glsa/202105-27", "reference_id": "GLSA-202105-27", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:47Z/" } ], "url": "https://security.gentoo.org/glsa/202105-27" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/", "reference_id": "MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:47Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDKQVPFT4Z4SFPBH6YNFMJOXKS2YYKHA/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:00:47Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4960", "reference_id": "RHSA-2020:4960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4961", "reference_id": "RHSA-2020:4961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4961" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77122?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.49", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-feuw-5bef-mkd8" }, { "vulnerability": "VCID-j1qe-t57w-tkdx" }, { "vulnerability": "VCID-k4f8-83mc-t3h4" }, { "vulnerability": "VCID-ked3-zdsm-quf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.49" } ], "aliases": [ "CVE-2020-2933" ], "risk_score": 1.0, "exploitability": "0.5", "weighted_severity": "2.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ka2q-xcrg-9ybg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46226?format=api", "vulnerability_id": "VCID-ked3-zdsm-quf3", "summary": "Improper Access Control\nVulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22102.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22102.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22102", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.87835", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.87809", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.8783", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03493", "scoring_system": "epss", "scoring_elements": "0.87833", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22102" }, { "reference_url": "https://github.com/mysql/mysql-connector-j", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mysql/mysql-connector-j" }, { "reference_url": "https://github.com/mysql/mysql-connector-j/compare/8.1.0...8.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mysql/mysql-connector-j/compare/8.1.0...8.2.0" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231027-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231027-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231027-0007/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:27:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231027-0007/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-06T15:27:01Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2023.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256474", "reference_id": "2256474", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256474" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22102", "reference_id": "CVE-2023-22102", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "8.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22102" }, { "reference_url": "https://github.com/advisories/GHSA-m6vm-37g8-gqvh", "reference_id": "GHSA-m6vm-37g8-gqvh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6vm-37g8-gqvh" } ], "fixed_packages": [], "aliases": [ "CVE-2023-22102", "GHSA-m6vm-37g8-gqvh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ked3-zdsm-quf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38568?format=api", "vulnerability_id": "VCID-vb6j-tpuv-tbcx", "summary": "Incorrect Privilege Assignment\nDifficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3523.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3523.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3523", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01646", "scoring_system": "epss", "scoring_elements": "0.82334", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01646", "scoring_system": "epss", "scoring_elements": "0.82312", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01646", "scoring_system": "epss", "scoring_elements": "0.82341", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3523" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:P" }, { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3840", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:40Z/" } ], "url": "http://www.debian.org/security/2017/dsa-3840" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:40Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" }, { "reference_url": "http://www.securityfocus.com/bid/97982", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-04T16:22:40Z/" } ], "url": "http://www.securityfocus.com/bid/97982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444759", "reference_id": "1444759", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444759" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3523", "reference_id": "CVE-2017-3523", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3523" }, { "reference_url": "https://github.com/advisories/GHSA-2xxh-f8r3-hvvr", "reference_id": "GHSA-2xxh-f8r3-hvvr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2xxh-f8r3-hvvr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53521?format=api", "purl": "pkg:maven/mysql/mysql-connector-java@5.1.41", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-72nd-w2gx-d3f3" }, { "vulnerability": "VCID-eu3y-cg8j-s3g5" }, { "vulnerability": "VCID-feuw-5bef-mkd8" }, { "vulnerability": "VCID-fp1r-3nxp-ubax" }, { "vulnerability": "VCID-gywz-fwqc-bfgh" }, { "vulnerability": "VCID-j1qe-t57w-tkdx" }, { "vulnerability": "VCID-k4f8-83mc-t3h4" }, { "vulnerability": "VCID-ka2q-xcrg-9ybg" }, { "vulnerability": "VCID-ked3-zdsm-quf3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.41" } ], "aliases": [ "CVE-2017-3523", "GHSA-2xxh-f8r3-hvvr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vb6j-tpuv-tbcx" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/mysql/mysql-connector-java@5.1.24" }