CVE-2019-2692
Description
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A high-privileged attacker with local access can trick a different user into triggering a takeover of MySQL Connector/J (≤8.0.15) via an unspecified flaw.
Vulnerability
Overview
CVE-2019-2692 is a vulnerability in the MySQL Connectors component of Oracle MySQL, specifically in Connector/J [1]. All versions up to and including 8.0.15 are affected [1]. The flaw is rated as difficult to exploit, requiring a high-privileged attacker with logon access to the infrastructure where the connector executes [1]. The CVSS 3.0 base score is 6.3, with impacts on confidentiality, integrity, and availability [1].
Attack
Vector and Prerequisites
Successful exploitation depends on human interaction from a person other than the attacker [1]. This means a high-privileged user must be tricked or coerced into performing an action that triggers the vulnerability while the attacker has local access to the system [1][2]. The attack complexity is high, and the attacker must already have high privileges on the local machine [1].
Impact
If successfully exploited, the vulnerability results in a complete takeover of MySQL Connectors [1]. An attacker could then potentially execute arbitrary code, manipulate database connections, or exfiltrate sensitive data transmitted through the connector [1][2]. The impact spans all three security pillars: confidentiality, integrity, and availability [1].
Mitigation
Oracle has addressed the vulnerability in MySQL Connector/J version 8.0.16 [2]. Users should upgrade to this version or later to mitigate the risk. No workarounds have been publicly documented, and as of the latest advisories, the flaw is not listed on the CISA Known Exploited Vulnerabilities catalog.
References
[1] NVD - CVE-2019-2692 [2] Snyk Vulnerability Database - SNYK-JAVA-MYSQL-174574
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mysql:mysql-connector-javaMaven | < 8.0.16 | 8.0.16 |
Affected products
2- Oracle Corporation/MySQL Connectorsv5Range: 8.0.15 and prior
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/advisories/GHSA-jcq3-cprp-m333ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-2692ghsaADVISORY
- www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlghsax_refsource_MISCWEB
- www.securityfocus.com/bid/107925ghsavdb-entryx_refsource_BIDWEB
- security.netapp.com/advisory/ntap-20190423-0002ghsaWEB
- security.netapp.com/advisory/ntap-20190423-0002/mitrex_refsource_CONFIRM
- snyk.io/vuln/SNYK-JAVA-MYSQL-174574ghsaWEB
News mentions
0No linked articles in our index yet.