PT-2024-3942 · Oracle · Mysql Server
Published: 2024-04-16 · Updated: 2025-02-10 · CVE-2024-21101
CVSS v3.1: 2.2 (Low)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Oracle MySQL versions 7.5.33 and prior
Oracle MySQL versions 7.6.29 and prior
Oracle MySQL versions 8.0.36 and prior
Oracle MySQL versions 8.3.0 and prior
Description
The issue is related to insufficient protection of internal data in the MySQL Cluster product, allowing a high-privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks can result in unauthorized read access to a subset of MySQL Cluster accessible data.
Recommendations
For Oracle MySQL versions 7.5.33 and prior, update to a version later than 7.5.33 to resolve the issue.
For Oracle MySQL versions 7.6.29 and prior, update to a version later than 7.6.29 to resolve the issue.
For Oracle MySQL versions 8.0.36 and prior, update to a version later than 8.0.36 to resolve the issue.
For Oracle MySQL versions 8.3.0 and prior, update to a version later than 8.3.0 to resolve the issue.
As a temporary workaround, consider restricting access to the MySQL Cluster to minimize the risk of exploitation.
Fix
Improper Privilege Management
Information Disclosure
Affected Products
Mysql Server