CVE-2021-2374

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).

Related CPE's

a oracle mysql_server ********

a netapp oncommand_insight -*******

References

https://www.oracle.com/security-alerts/cpujul2021.html

Vendor Advisory

https://security.netapp.com/advisory/ntap-20210723-0001/

Third Party Advisory

CvssV3 impact

BaseSeverity	MEDIUM
ConfidentialityImpact	HIGH
AttackComplexity	HIGH
Scope	UNCHANGED
AttackVector	LOCAL
AvailabilityImpact	NONE
IntegrityImpact	NONE
PrivilegesRequired	HIGH
BaseScore	4.1
VectorString	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	MEDIUM
ConfidentialityImpact	PARTIAL
AvailabilityImpact	NONE
IntegrityImpact	NONE
BaseScore	1.9
VectorString	AV:L/AC:M/Au:N/C:P/I:N/A:N
Version	2.0
AccessVector	LOCAL
Authentication	NONE

Created by Yello

About Severity.io