Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data
Created mysql-connector-java tracking bugs for this issue: Affects: fedora-all [bug 1851015]
References: https://www.oracle.com/security-alerts/cpuapr2020.html https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html https://www.debian.org/security/2020/dsa-4703
This vulnerability is out of security support scope for the following products: * Red Hat Enterprise Application Platform 6 * Red Hat JBoss Data Virtualization & Services 6 * Red Hat JBoss Fuse Service Works(FSW) 6 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Statement: Red Hat Enterprise Linux customers are advised to replace the mysql-connector-java package with the mariadb-java-client, available in Red Hat Software Collections. It can be installed this way: # yum-config-manager --enable rhel-server-rhscl-7-rpms # yum install rh-mariadb103-mariadb-java-client
This issue has been addressed in the following products: RHDM 7.9.0 Via RHSA-2020:4960 https://access.redhat.com/errata/RHSA-2020:4960
This issue has been addressed in the following products: RHPAM 7.9.0 Via RHSA-2020:4961 https://access.redhat.com/errata/RHSA-2020:4961
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-2934
This issue has been addressed in the following products: Red Hat Fuse 7.10 Via RHSA-2021:5134 https://access.redhat.com/errata/RHSA-2021:5134