tibcosoftware / asassets_cachemanagement Goto Github PK
View Code? Open in Web Editor NEWLicense: Eclipse Public License 1.0
asassets_cachemanagement's People
Contributors
Stargazers
Watchers
asassets_cachemanagement's Issues
CVE-2020-2934 (Medium) detected in mysql-connector-java-5.1.14.jar - autoclosed
CVE-2020-2934 - Medium Severity Vulnerability
Vulnerable Library - mysql-connector-java-5.1.14.jar
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to vulnerable library: ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFramework_Shared_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_SqlServer_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Netezza_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Netezza_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_SqlServer_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Oracle_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Oracle_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFramework_Shared_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar
Dependency Hierarchy:
- ❌ mysql-connector-java-5.1.14.jar (Vulnerable Library)
Found in base branch: master
Vulnerability Details
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).
Publish Date: 2020-04-15
URL: CVE-2020-2934
CVSS 3 Score Details (5.0)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://www.oracle.com/security-alerts/cpuapr2020.html
Release Date: 2020-04-15
Fix Resolution: mysql:mysql-connector-java:5.1.49,8.0.20
- Check this box to open an automated fix PR
CVE-2017-3523 (High) detected in mysql-connector-java-5.1.14.jar - autoclosed
CVE-2017-3523 - High Severity Vulnerability
Vulnerable Library - mysql-connector-java-5.1.14.jar
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to vulnerable library: ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFramework_Shared_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_SqlServer_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Netezza_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Netezza_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_SqlServer_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Oracle_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Oracle_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFramework_Shared_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar
Dependency Hierarchy:
- ❌ mysql-connector-java-5.1.14.jar (Vulnerable Library)
Found in HEAD commit: 4b80ead00d1002b688d8983f95d5718751eea118
Found in base branch: master
Vulnerability Details
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
Publish Date: 2017-04-24
URL: CVE-2017-3523
CVSS 3 Score Details (8.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Release Date: 2017-04-24
Fix Resolution: 5.1.41
- Check this box to open an automated fix PR
CVE-2020-2875 (Medium) detected in mysql-connector-java-5.1.14.jar - autoclosed
CVE-2020-2875 - Medium Severity Vulnerability
Vulnerable Library - mysql-connector-java-5.1.14.jar
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to vulnerable library: ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFramework_Shared_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_SqlServer_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Netezza_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Netezza_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_SqlServer_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Oracle_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Oracle_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFramework_Shared_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar
Dependency Hierarchy:
- ❌ mysql-connector-java-5.1.14.jar (Vulnerable Library)
Found in base branch: master
Vulnerability Details
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).
Publish Date: 2020-04-15
URL: CVE-2020-2875
CVSS 3 Score Details (4.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: mysql/mysql-connector-j@79a4336
Release Date: 2020-04-15
Fix Resolution: mysql:mysql-connector-java:5.1.49,8.0.15
- Check this box to open an automated fix PR
CVE-2017-3589 (Low) detected in mysql-connector-java-5.1.14.jar - autoclosed
CVE-2017-3589 - Low Severity Vulnerability
Vulnerable Library - mysql-connector-java-5.1.14.jar
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to vulnerable library: ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFramework_Shared_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_SqlServer_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Netezza_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Netezza_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_SqlServer_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Oracle_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Oracle_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFramework_Shared_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar
Dependency Hierarchy:
- ❌ mysql-connector-java-5.1.14.jar (Vulnerable Library)
Found in HEAD commit: 4b80ead00d1002b688d8983f95d5718751eea118
Found in base branch: master
Vulnerability Details
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Publish Date: 2017-04-24
URL: CVE-2017-3589
CVSS 3 Score Details (3.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589
Release Date: 2017-04-24
Fix Resolution: 5.1.42
- Check this box to open an automated fix PR
CVE-2019-2692 (Medium) detected in mysql-connector-java-5.1.14.jar - autoclosed
CVE-2019-2692 - Medium Severity Vulnerability
Vulnerable Library - mysql-connector-java-5.1.14.jar
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to vulnerable library: ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFramework_Shared_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_SqlServer_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Netezza_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Netezza_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_SqlServer_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Oracle_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Oracle_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFramework_Shared_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar
Dependency Hierarchy:
- ❌ mysql-connector-java-5.1.14.jar (Vulnerable Library)
Found in base branch: master
Vulnerability Details
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Publish Date: 2019-04-23
URL: CVE-2019-2692
CVSS 3 Score Details (6.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: High
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-jcq3-cprp-m333
Release Date: 2019-04-23
Fix Resolution: mysql:mysql-connector-java:8.0.16
- Check this box to open an automated fix PR
CVE-2017-3586 (Medium) detected in mysql-connector-java-5.1.14.jar - autoclosed
CVE-2017-3586 - Medium Severity Vulnerability
Vulnerable Library - mysql-connector-java-5.1.14.jar
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to vulnerable library: ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFramework_Shared_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_SqlServer_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Netezza_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Netezza_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_SqlServer_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Oracle_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Oracle_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFramework_Shared_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar
Dependency Hierarchy:
- ❌ mysql-connector-java-5.1.14.jar (Vulnerable Library)
Found in HEAD commit: 63cd6dc0a05ceb880f87084f8b9b1feb0368e54b
Found in base branch: master
Vulnerability Details
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).
Publish Date: 2017-04-24
URL: CVE-2017-3586
CVSS 3 Score Details (6.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1444406
Release Date: 2017-04-24
Fix Resolution: 5.1.42
- Check this box to open an automated fix PR
CVE-2018-3258 (High) detected in mysql-connector-java-5.1.14.jar - autoclosed
CVE-2018-3258 - High Severity Vulnerability
Vulnerable Library - mysql-connector-java-5.1.14.jar
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to vulnerable library: ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFramework_Shared_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_SqlServer_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Netezza_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Netezza_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_SqlServer_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Oracle_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Oracle_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFramework_Shared_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar
Dependency Hierarchy:
- ❌ mysql-connector-java-5.1.14.jar (Vulnerable Library)
Found in base branch: master
Vulnerability Details
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Publish Date: 2018-10-17
URL: CVE-2018-3258
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3258
Release Date: 2018-10-17
Fix Resolution: mysql:mysql-connector-java:8.0.13
- Check this box to open an automated fix PR
CVE-2020-2933 (Low) detected in mysql-connector-java-5.1.14.jar - autoclosed
CVE-2020-2933 - Low Severity Vulnerability
Vulnerable Library - mysql-connector-java-5.1.14.jar
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to vulnerable library: ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFramework_Shared_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_SqlServer_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Netezza_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Netezza_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_SqlServer_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2017Q4/CacheFramework_2017Q4/CacheFrameworkSample_Oracle_2017Q4/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFrameworkSample_Oracle_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar,ASAssets_CacheManagement/Release/archive/CacheFramework_2018Q1/CacheFramework_2018Q1/CacheFramework_Shared_2018Q1/files/conf/adapters/system/mysql_5_0/mysql-connector-java-5.1.14-bin.jar
Dependency Hierarchy:
- ❌ mysql-connector-java-5.1.14.jar (Vulnerable Library)
Found in base branch: master
Vulnerability Details
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
Publish Date: 2020-04-15
URL: CVE-2020-2933
CVSS 3 Score Details (2.2)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://docs.oracle.com/javase/7/docs/api/javax/xml/XMLConstants.html#FEATURE_SECURE_PROCESSING
Release Date: 2020-04-15
Fix Resolution: mysql:mysql-connector-java:5.1.49
- Check this box to open an automated fix PR
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.