How severe is CVE-2023-21980?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2023-21980?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2023-21980 - HIGH Severity | CVSS 7.1

Vulnerability Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).

Related Vulnerabilities

CVE-2014-2277

HIGH

CVSS:7.1(High)

The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpna...

CWE-2842014

CVE-2016-2150

HIGH

CVSS:7.1(High)

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

CWE-2842016

CVE-2016-3708

HIGH

CVSS:7.1(High)

Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to...

CWE-2842016

CVE-2016-3713

HIGH

CVSS:7.1(High)

The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequent...

CWE-2842016

CVE-2016-5173

HIGH

CVSS:7.1(High)

The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigg...

CWE-2842016

CVE-2016-5492

HIGH

CVSS:7.1(High)

Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality and integrity via vectors relate...

CWE-2842016