CVE-2021-35584

7 documents7 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 48.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Mysql ClusterOracle Corporation Mysql Cluster
Timeline
PublishedOct 20
Latest updateMay 24

Description

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: ndbcluster/plugin DDL). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vec

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDoracle/mysql_cluster8.0.08.0.26
CVEListV5oracle_corporation/mysql_cluster8.0.26 and prior
Ubuntumysql-8.0< 8.0.27-0ubuntu0.20.04.1+1

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-rpmh-q7gx-6phj: Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: ndbcluster/plugin DDL)2022-05-24
CVEList
CVE-2021-35584: Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: ndbcluster/plugin DDL)2021-10-20
OSV
CVE-2021-35584: Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: ndbcluster/plugin DDL)2021-10-20

📋Vendor Advisories

3
Ubuntu
MySQL vulnerabilities2021-10-25
Oracle
Oracle Oracle MySQL Risk Matrix: Cluster: ndbcluster/plugin DDL — CVE-2021-355842021-10-15
Debian
CVE-2021-35584: mysql-8.0 - Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: ...2021
CVE-2021-35584 (MEDIUM CVSS 4.3) | Vulnerability in the MySQL Cluster | cvebase.io