5.9

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-2471

GHSA ID

GHSA-w6f2-8wx4-47r5

EPSS Score

0.98034%

CWE

CWE-863

Published

5/24/2022

Updated

1/27/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-2471

CVE-2021-2471: Incorrect Authorization in MySQL Connector Java

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).

(GitHub Advisory)

5.9

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-2471

GHSA ID

GHSA-w6f2-8wx4-47r5

EPSS Score

0.98034%

CWE

CWE-863

Published

5/24/2022

Updated

1/27/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
mysql:mysql-connector-java	maven	>= 8.0.0, <= 8.0.26	8.0.27

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability (CWE-863) relates to incorrect authorization in MySQL Connector/J. The authentication handshake process is a critical point where authorization checks occur. The function 'proceedHandshakeWithPluggableAuthentication' is central to MySQL's pluggable authentication mechanism. A flaw here could allow a privileged attacker to exploit network communication (via JDBC) to bypass proper authorization checks. The CVSS vector (AV:N/AC:H/PR:H) aligns with a network-accessible, high-privilege attack targeting authentication logic. This function's role in the authentication flow makes it a high-confidence candidate for the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Vuln*r**ility in t** MySQL *onn**tors pro*u*t o* Or**l* MySQL (*ompon*nt: *onn**tor/J). Support** v*rsions t**t *r* *****t** *r* *.*.** *n* prior. *i**i*ult to *xploit vuln*r**ility *llows *i** privil**** *tt**k*r wit* n*twork ****ss vi* multipl* pro

Reasoning

T** vuln*r**ility (*W*-***) r*l*t*s to in*orr**t *ut*oriz*tion in MySQL *onn**tor/J. T** *ut**nti**tion **n*s**k* pro**ss is * *riti**l point w**r* *ut*oriz*tion ****ks o**ur. T** *un*tion 'pro******n*s**k*Wit*Plu****l**ut**nti**tion' is **ntr*l to M

5.9

Basic Information

Concerned about an active attack path?

CVE-2021-2471: Incorrect Authorization in MySQL Connector Java

5.9

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI