{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2018-3258","title":"Title"},{"category":"description","text":"Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2018-3258","url":"https://www.suse.com/security/cve/CVE-2018-3258"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1112234 for CVE-2018-3258","url":"https://bugzilla.suse.com/1112234"}],"title":"SUSE CVE CVE-2018-3258","tracking":{"current_release_date":"2025-07-28T23:44:29Z","generator":{"date":"2023-02-15T04:33:17Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2018-3258","initial_release_date":"2023-02-15T04:33:17Z","revision_history":[{"date":"2023-02-15T04:33:17Z","number":"2","summary":"Current version"},{"date":"2025-01-01T08:03:05Z","number":"3","summary":"Current version"},{"date":"2025-02-18T07:17:54Z","number":"4","summary":"Current version"},{"date":"2025-03-15T12:42:17Z","number":"5","summary":"Current version"},{"date":"2025-04-25T07:22:05Z","number":"6","summary":"Current version"},{"date":"2025-07-28T23:44:29Z","number":"7","summary":"Current version"}],"status":"interim","version":"7"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"HPE Helion OpenStack 8","product":{"name":"HPE Helion OpenStack 8","product_id":"HPE Helion OpenStack 8","product_identification_helper":{"cpe":"cpe:/o:suse:hpe-helion-openstack:8"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 11 SP4","product":{"name":"SUSE Linux Enterprise Desktop 11 SP4","product_id":"SUSE Linux Enterprise Desktop 11 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sled:11:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 12 SP3","product":{"name":"SUSE Linux Enterprise Desktop 12 SP3","product_id":"SUSE Linux Enterprise Desktop 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sled:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP4","product":{"name":"SUSE Linux Enterprise Server 11 SP4","product_id":"SUSE Linux Enterprise Server 11 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles:11:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP3","product":{"name":"SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 11 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 11 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 11 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:11:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Software Development Kit 11 SP4","product":{"name":"SUSE Linux Enterprise Software Development Kit 11 SP4","product_id":"SUSE Linux Enterprise Software Development Kit 11 SP4","product_identification_helper":{"cpe":"cpe:/a:suse:sle-sdk:11:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Software Development Kit 12 SP3","product":{"name":"SUSE Linux Enterprise Software Development Kit 12 SP3","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-sdk:12:sp3"}}},{"category":"product_name","name":"SUSE OpenStack Cloud 8","product":{"name":"SUSE OpenStack Cloud 8","product_id":"SUSE OpenStack Cloud 8","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud:8"}}},{"category":"product_name","name":"SUSE OpenStack Cloud Crowbar 8","product":{"name":"SUSE OpenStack Cloud Crowbar 8","product_id":"SUSE OpenStack Cloud Crowbar 8","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud-crowbar:8"}}},{"category":"product_version","name":"mysql-connector-java","product":{"name":"mysql-connector-java","product_id":"mysql-connector-java","product_identification_helper":{"cpe":"cpe:2.3:a:oracle:mysql_connector/j:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/mysql-connector-java@?upstream=mysql-connector-java.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"mysql-connector-java as component of HPE Helion OpenStack 8","product_id":"HPE Helion OpenStack 8:mysql-connector-java"},"product_reference":"mysql-connector-java","relates_to_product_reference":"HPE Helion OpenStack 8"},{"category":"default_component_of","full_product_name":{"name":"mysql-connector-java as component of SUSE Linux Enterprise Server 11 SP4","product_id":"SUSE Linux Enterprise Server 11 SP4:mysql-connector-java"},"product_reference":"mysql-connector-java","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"mysql-connector-java as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-connector-java"},"product_reference":"mysql-connector-java","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"mysql-connector-java as component of SUSE Linux Enterprise Desktop 11 SP4","product_id":"SUSE Linux Enterprise Desktop 11 SP4:mysql-connector-java"},"product_reference":"mysql-connector-java","relates_to_product_reference":"SUSE Linux Enterprise Desktop 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"mysql-connector-java as component of SUSE Linux Enterprise Software Development Kit 11 SP4","product_id":"SUSE Linux Enterprise Software Development Kit 11 SP4:mysql-connector-java"},"product_reference":"mysql-connector-java","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"mysql-connector-java as component of SUSE Linux Enterprise Server 12 SP3","product_id":"SUSE Linux Enterprise Server 12 SP3:mysql-connector-java"},"product_reference":"mysql-connector-java","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"mysql-connector-java as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:mysql-connector-java"},"product_reference":"mysql-connector-java","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"mysql-connector-java as component of SUSE Linux Enterprise Desktop 12 SP3","product_id":"SUSE Linux Enterprise Desktop 12 SP3:mysql-connector-java"},"product_reference":"mysql-connector-java","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"mysql-connector-java as component of SUSE Linux Enterprise Software Development Kit 12 SP3","product_id":"SUSE Linux Enterprise Software Development Kit 12 SP3:mysql-connector-java"},"product_reference":"mysql-connector-java","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"mysql-connector-java as component of SUSE OpenStack Cloud 8","product_id":"SUSE OpenStack Cloud 8:mysql-connector-java"},"product_reference":"mysql-connector-java","relates_to_product_reference":"SUSE OpenStack Cloud 8"},{"category":"default_component_of","full_product_name":{"name":"mysql-connector-java as component of SUSE OpenStack Cloud Crowbar 8","product_id":"SUSE OpenStack Cloud Crowbar 8:mysql-connector-java"},"product_reference":"mysql-connector-java","relates_to_product_reference":"SUSE OpenStack Cloud Crowbar 8"}]},"vulnerabilities":[{"cve":"CVE-2018-3258","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-3258"}],"notes":[{"category":"general","text":"Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","title":"CVE description"}],"product_status":{"known_not_affected":["HPE Helion OpenStack 8:mysql-connector-java","SUSE Linux Enterprise Desktop 11 SP4:mysql-connector-java","SUSE Linux Enterprise Desktop 12 SP3:mysql-connector-java","SUSE Linux Enterprise Server 11 SP4:mysql-connector-java","SUSE Linux Enterprise Server 12 SP3:mysql-connector-java","SUSE Linux Enterprise Server for SAP Applications 11 SP4:mysql-connector-java","SUSE Linux Enterprise Server for SAP Applications 12 SP3:mysql-connector-java","SUSE Linux Enterprise Software Development Kit 11 SP4:mysql-connector-java","SUSE Linux Enterprise Software Development Kit 12 SP3:mysql-connector-java","SUSE OpenStack Cloud 8:mysql-connector-java","SUSE OpenStack Cloud Crowbar 8:mysql-connector-java"]},"references":[{"category":"external","summary":"CVE-2018-3258","url":"https://www.suse.com/security/cve/CVE-2018-3258"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1112234 for CVE-2018-3258","url":"https://bugzilla.suse.com/1112234"}],"threats":[{"category":"impact","date":"2018-10-16T21:30:12Z","details":"moderate"}],"title":"CVE-2018-3258"}]}