CVE-2024-21101Improper Privilege Management in Corporation Mysql NDB Cluster

CWE-269Improper Privilege Management4 documents4 sources
Severity
2.2LOWNVD
EPSS
0.1%
top 66.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Mysql NDB ClusterOracle Mysql
Timeline
PublishedApr 16
Latest updateApr 17

Description

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data. CVSS 3.1 Base Score 2.2 (Confi

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 0.7 | Impact: 1.4

Affected Packages2 packages

CVEListV5oracle_corporation/mysql_ndb_cluster*7.5.33+3
NVDoracle/mysql7.5.07.5.33+3

🔴Vulnerability Details

2
GHSA
GHSA-hv7f-m7x4-mc78: Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General)2024-04-17
CVEList
CVE-2024-21101: Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General)2024-04-16

📋Vendor Advisories

1
Oracle
Oracle Oracle MySQL Risk Matrix: Cluster: General — CVE-2024-211012024-04-15
CVE-2024-21101 — Improper Privilege Management | cvebase