Skip to main content

Mysql Cluster CVE-2021-35618

LOW
2021-10-20 secalert_us@oracle.com
1.8
CVSS 3.1 · Vendor: oracle

Severity by source

Vendor (oracle) PRIMARY
1.8 LOW
AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L

Primary rating from Vendor (oracle) · only source for this CVE.

CVSS VectorVendor: oracle

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Oct 20, 2021 - 11:17 cve.org
LOW 1.8

DescriptionCVE.org

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L).

AnalysisAI

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated low severity (CVSS 1.8). No vendor patch available.

Technical ContextAI

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L). Affected products include: Oracle Mysql Cluster, Netapp Active Iq Unified Manager, Netapp Oncommand Insight, Netapp Oncommand Workflow Automation, Netapp Snapcenter.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-22931 CRITICAL POC
9.8 Aug 16

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to miss

CVE-2020-8174 HIGH POC
8.1 Jul 24

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. Rated high

CVE-2021-22884 HIGH POC
7.5 Mar 03

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “

CVE-2020-8172 HIGH POC
7.4 Jun 08

TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. Rated high se

CVE-2019-10219 MEDIUM POC
6.1 Nov 08

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo

CVE-2021-22939 MEDIUM POC
5.3 Aug 16

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no e

CVE-2022-21824 HIGH
8.2 Feb 24

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passe

CVE-2026-46863 HIGH
7.5 Jun 16

Remote unauthenticated denial-of-service in Oracle MySQL Server and MySQL Cluster (8.0.x, 8.4.x, and 9.0.0-9.7.0) allows

CVE-2021-22883 HIGH
7.5 Mar 03

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connecti

CVE-2020-8277 HIGH
7.5 Nov 19

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial

CVE-2025-21574 MEDIUM
6.5 Apr 15

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5),

CVE-2025-21575 MEDIUM
6.5 Apr 15

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5),

Share

CVE-2021-35618 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy