CVE-2024-21262

Published: 10/15/2024 Last updated: 10/16/2024 Reserved: 12/7/2023

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).

CNA assigner: oracle (43595867-4340-4103-b7a2-9a5208d29a85) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.5	Medium	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Opam packages affected (1)

conf-mysql

Products affected (1)

Product	Vendor	Version
MySQL Connectors	Oracle Corporation	Version 1809 for x64-based Systems

References (1)

https://www.oracle.com/security-alerts/cpuoct2024.html