CVE-2018-3258
Description
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Low-privileged network attacker can fully compromise Oracle MySQL Connector/J versions 8.0.12 and prior via multiple protocols, leading to takeover.
Vulnerability
CVE-2018-3258 is an unspecified vulnerability in the Connector/J subcomponent of the Oracle MySQL Connectors component. Affected versions are MySQL Connector/J 8.0.12 and all prior releases. The vulnerability is reachable over the network via multiple protocols and does not require user interaction or any special privileges beyond a low-privileged account [1].
Exploitation
An attacker with low privileges and network access can exploit this vulnerability without any user interaction. The exact mechanism is not publicly detailed, but the CVSS vector indicates network access (AV:N), low attack complexity (AC:L), and that only low privileges are required (PR:L). The attacker may use multiple protocols to reach the Connector/J component [1].
Impact
Successful exploitation results in a complete takeover of the MySQL Connectors component. This leads to high confidentiality, integrity, and availability impacts, meaning the attacker can read, modify, or destroy data and disrupt availability of the connector. The attacker can achieve full control over the affected component [1].
Mitigation
Oracle released a fix in the Critical Patch Update for October 2018. The fixed version is MySQL Connector/J 8.0.13 or later. Red Hat included the fix in Red Hat Fuse 7.3.1 (RHSA-2019:1545) [2]. Users should upgrade to a patched version immediately. No workarounds are described in the available references.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mysql:mysql-connector-java (Maven) | < 8.0.13 | 8.0.13 |
Affected products
- Oracle Corporation / MySQL Connectors. Range: 8.0.12 and prior
References
- access.redhat.com/errata/RHSA-2019:1545 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- github.com/advisories/GHSA-4vrv-ch96-6h42 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-3258 (ghsa, ADVISORY)
- www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (ghsa, x_refsource_CONFIRM, WEB)
- www.securityfocus.com/bid/105589 (mitre, vdb-entry, x_refsource_BID)
- www.securitytracker.com/id/1041888 (mitre, vdb-entry, x_refsource_SECTRACK)
- security.netapp.com/advisory/ntap-20181018-0002 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20181018-0002/ (mitre, x_refsource_CONFIRM)