CVE-2021-2007 — Oracle Mysql vulnerability

9 documents9 sources

Severity

3.7LOWNVD

GHSA7.5

EPSS

0.5%

top 32.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mariadb Phpmailer Oracle Mysql +2 more

Timeline

PublishedJan 20

Latest updateJan 27

Description

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vecto…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages4 packages

▶NVDoracle/mysql5.6.0 — 5.6.47+2

▶CVEListV5oracle_corporation/mysql_server5.6.47 and prior, 5.7.29 and prior, 8.0.19 and prior+2

▶NVDmariadb/mariadb5.5.0 — 5.5.65+4

▶Packagistphpmailer/phpmailer< 5.2.0

Also affects: Fedora 32, 33

🔴Vulnerability Details

GHSA

PHPMailer Local file inclusion↗2024-02-02

▶

GHSA

GHSA-62m3-j4w3-p5mw: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API)↗2022-05-24

▶

OSV

CVE-2021-2007: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API)↗2021-01-20

▶

CVEList

CVE-2021-2007: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API)↗2021-01-20

▶

📋Vendor Advisories

CISA ICS

Festo Didactic SE MES PC↗2026-01-27

▶

Red Hat

mysql: C API unspecified vulnerability (CPU Jan 2021)↗2021-01-19

▶

Oracle

Oracle Oracle MySQL Risk Matrix: C API — CVE-2021-2007↗2021-01-15

▶

Debian

CVE-2021-2007: mysql-8.0 - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Su...↗2021

▶