CVE-2024-21170

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21170
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpujul2024.html Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2024.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:mysql_connector\/python:8.4.0:*:*:*:*:*:*:*
History

21 Nov 2024, 08:53

Type Values Removed Values Added
References () https://www.oracle.com/security-alerts/cpujul2024.html - Vendor Advisory () https://www.oracle.com/security-alerts/cpujul2024.html - Vendor Advisory

17 Oct 2024, 17:11

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References () https://www.oracle.com/security-alerts/cpujul2024.html - () https://www.oracle.com/security-alerts/cpujul2024.html - Vendor Advisory
Summary
  • (es) Vulnerabilidad en el producto MySQL Connectors de Oracle MySQL (componente: Connector/Python). Las versiones compatibles que se ven afectadas son la 8.4.0 y anteriores. Una vulnerabilidad fácilmente explotable permite que un atacante con pocos privilegios y acceso a la red a través de múltiples protocolos comprometa los conectores MySQL. Los ataques exitosos de esta vulnerabilidad pueden resultar en actualización, inserción o eliminación no autorizadas de acceso a algunos de los datos accesibles de MySQL Connectors, así como acceso de lectura no autorizado a un subconjunto de datos accesibles de MySQL Connectors y capacidad no autorizada de causar una denegación de servicio parcial (DOS parcial). de conectores MySQL. CVSS 3.1 Puntuación base 6.3 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
CPE cpe:2.3:a:oracle:mysql_connector\/python:8.4.0:*:*:*:*:*:*:*
First Time Oracle mysql Connector\/python
Oracle

16 Jul 2024, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-16 23:15

Updated : 2024-11-21 08:53

NVD link : CVE-2024-21170

Mitre link : CVE-2024-21170

CVE.ORG link : CVE-2024-21170

JSON object : View

Products Affected

oracle

  • mysql_connector\/python
CWE
NVD-CWE-noinfo

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024