CVE-2024-21166

{"id": "CVE-2024-21166", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 0.7}]}, "published": "2024-07-16T23:15:19.880", "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2024.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://security.netapp.com/advisory/ntap-20240801-0002/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpujul2024.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles que se ven afectadas son 8.0.36 y anteriores y 8.3.0 y anteriores. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de datos cr\u00edticos o a todos los datos accesibles del servidor MySQL y la capacidad no autorizada de causar un bloqueo o falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntaje base 5.9 (impactos en integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H)."}], "lastModified": "2025-11-04T17:15:45.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E9AB3E2-0EC8-44BE-BBEB-597C05640BE3", "versionEndIncluding": "8.0.36", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:oracle:mysql:8.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C607BC83-20CF-47A2-9945-125E1366C5C7"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}