PT-2021-21019 · Oracle · Mysql Cluster

Published

2021-10-20

Updated

2022-09-23

CVE-2021-35621

CVSS v3.1

6.3

Medium

Vector

AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Oracle MySQL Cluster versions 7.4.33 and prior Oracle MySQL Cluster versions 7.5.23 and prior Oracle MySQL Cluster versions 7.6.19 and prior Oracle MySQL Cluster versions 8.0.26 and prior

Description: The issue allows a high-privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of MySQL Cluster.

Recommendations: For versions 7.4.33 and prior, update to a version later than 7.4.33. For versions 7.5.23 and prior, update to a version later than 7.5.23. For versions 7.6.19 and prior, update to a version later than 7.6.19. For versions 8.0.26 and prior, update to a version later than 8.0.26.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-35621

OESA-2021-1448

OESA-2022-1960

ZDI-21-1232

Affected Products

Mysql Cluster

PT-2021-21019 · Oracle · Mysql Cluster

CVE-2021-35621

Related Identifiers

Affected Products

References · 55