CVE-2023-21971 in OpenJDK's MySQL Connector: RCE and Unauthorized DB Access (opens in new tab)

Why did it get such a low score despite enabling arbitrary code execution?