CVE-2022-21363
MySQL Connectors vulnerability in mysql-connector-java (Maven)
What is CVE-2022-21363 About?
This vulnerability affects Oracle MySQL Connectors, specifically the Connector/J component. A highly privileged attacker with network access can compromise the connectors, leading to their complete takeover. Exploiting this flaw is considered difficult.
Affected Software
Technical Details
The vulnerability exists in the Connector/J component of Oracle MySQL Connectors, affecting versions 8.0.27 and prior. A high-privileged attacker who has network access via multiple protocols can leverage this weakness. The specific mechanism involves a difficult-to-exploit weakness that, once successfully triggered, allows the attacker to gain full control over the MySQL Connectors instance, resulting in confidentiality, integrity, and availability impacts.
What is the Impact of CVE-2022-21363?
Successful exploitation may allow attackers to fully compromise and take over MySQL Connector instances, leading to complete loss of confidentiality, integrity, and availability of the affected system.
What is the Exploitability of CVE-2022-21363?
Exploitation of this vulnerability is difficult and requires a high-privileged attacker with network access. The attack can be initiated via multiple protocols, indicating a remote attack vector. There are no specific authentication requirements mentioned beyond requiring high privileges. The complexity and prerequisites for successful exploitation are high, reducing the overall likelihood of an attacker effectively leveraging this flaw without significant effort and specific conditions being met.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2022-21363?
Available Upgrade Options
- mysql:mysql-connector-java
  - <8.0.28 → Upgrade to 8.0.28
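
A build-file check for the upgrade listed above, as an added example (not part of the original advisory or of any Oracle tooling): it scans a `pom.xml` for `mysql:mysql-connector-java` and flags declared versions below 8.0.28. The function names and the sample POM are constructed for illustration; a version inherited from a parent POM or BOM is reported as `unresolved` and needs checking against the effective POM.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (8, 0, 28)  # first fixed release listed on this page
COORD = ("mysql", "mysql-connector-java")

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the POM XML namespace

def _text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def check_pom(pom_xml):
    """Return [(version_text, status)] per Connector/J dependency entry;
    status is 'vulnerable', 'fixed' or 'unresolved'."""
    root = ET.fromstring(pom_xml)
    props = {}
    for elem in root.iter():
        if _local(elem.tag) == "properties":
            props.update({_local(p.tag): (p.text or "").strip() for p in elem})
    findings = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        if (_text(dep, "groupId"), _text(dep, "artifactId")) != COORD:
            continue
        declared = _text(dep, "version") or ""
        ref = re.fullmatch(r"\$\{(.+)\}", declared)  # ${property} reference
        resolved = props.get(ref.group(1), declared) if ref else declared
        m = re.match(r"(\d+)\.(\d+)\.(\d+)", resolved)
        if not m:
            status = "unresolved"  # managed by a parent POM or BOM
        else:
            status = "vulnerable" if tuple(map(int, m.groups())) < FIXED else "fixed"
        findings.append((resolved, status))
    return findings

# Constructed sample POM (not from any real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><mysql.version>8.0.27</mysql.version></properties>
  <dependencies><dependency>
    <groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId>
    <version>${mysql.version}</version>
  </dependency></dependencies>
</project>"""

if __name__ == "__main__":
    print(check_pom(SAMPLE_POM))
```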
What are Similar Vulnerabilities to CVE-2022-21363?
Similar Vulnerabilities: CVE-2022-21307, CVE-2021-35598, CVE-2021-35610, CVE-2021-35587, CVE-2021-2365
