Mysql Ndb Cluster
Monthly
Cross-component compromise in Oracle MySQL NDB Cluster (versions 8.0.11-8.0.46, 8.4.0-8.4.9, and 9.0.0-9.7.0) allows a low-privileged remote attacker with HTTP access to the NDB Operator component to read, modify, create, or delete all data accessible to the cluster. The scope-changed nature (S:C) means successful attacks reach beyond the NDB Cluster boundary into adjacent products. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Oracle's CVSS 9.6 rating and 'easily exploitable' characterization make this a high-priority patch.
Cross-component compromise in Oracle MySQL NDB Cluster (versions 8.0.11-8.0.46, 8.4.0-8.4.9, and 9.0.0-9.7.0) allows a low-privileged remote attacker with HTTP access to the NDB Operator component to read, modify, create, or delete all data accessible to the cluster. The scope-changed nature (S:C) means successful attacks reach beyond the NDB Cluster boundary into adjacent products. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Oracle's CVSS 9.6 rating and 'easily exploitable' characterization make this a high-priority patch.