CVE-2024-21090

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21090
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpuapr2024.html Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2024.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
History

06 Dec 2024, 21:39

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References () https://www.oracle.com/security-alerts/cpuapr2024.html - () https://www.oracle.com/security-alerts/cpuapr2024.html - Vendor Advisory
CPE cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
First Time Oracle
Oracle mysql

21 Nov 2024, 08:53

Type Values Removed Values Added
References () https://www.oracle.com/security-alerts/cpuapr2024.html - () https://www.oracle.com/security-alerts/cpuapr2024.html -

17 Apr 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto MySQL Connectors de Oracle MySQL (componente: Connector/Python). Las versiones compatibles que se ven afectadas son la 8.3.0 y anteriores. Una vulnerabilidad fácilmente explotable permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa los conectores MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada para provocar un bloqueo o una falla frecuente (DOS completo) de los conectores MySQL. CVSS 3.1 Puntuación base 7,5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

16 Apr 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-16 22:15

Updated : 2024-12-06 21:39

NVD link : CVE-2024-21090

Mitre link : CVE-2024-21090

CVE.ORG link : CVE-2024-21090

JSON object : View

Products Affected

oracle

  • mysql
CWE
NVD-CWE-noinfo