Mysql Cluster
CVE-2021-35592
MEDIUM
Severity by source
AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
AnalysisAI
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3).
Technical ContextAI
This vulnerability is classified under CWE-129. Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). Affected products include: Oracle Mysql Cluster, Netapp Oncommand Insight, Netapp Snapcenter.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Mysql Cluster
View allNode.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to miss
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. Rated high
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. Rated high se
A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no e
Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passe
Remote unauthenticated denial-of-service in Oracle MySQL Server and MySQL Cluster (8.0.x, 8.4.x, and 9.0.0-9.7.0) allows
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connecti
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5),
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5),
Same weakness CWE-129 – Improper Validation of Array Index
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today