Software
MySQL 5.x, MySQL 8.x
ThreatCon
4 (4 weeks)
CVSS Score
7.5
Impact
System access, DoS, Exposure of sensitive information, Manipulation of data
Solution Status
Vendor Patched
Attack Vector
From local network
CVE Numbers
CVE-2021-22901 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22901>
CVE-2021-2352 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2352>
CVE-2021-2425 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2425>
CVE-2021-2399 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2399>
CVE-2021-2384 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2384>
CVE-2021-2429 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2429>
CVE-2021-2417 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2417>
CVE-2021-2422 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2422>
CVE-2021-22898 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898>
CVE-2021-2357 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2357>
CVE-2021-2354 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2354>
CVE-2021-2374 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2374>
CVE-2021-2387 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2387>
CVE-2021-2412 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2412>
CVE-2021-2418 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2418>
CVE-2021-2342 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2342>
CVE-2021-2372 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2372>
CVE-2021-2385 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2385>
CVE-2021-2440 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2440>
CVE-2021-2367 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2367>
CVE-2021-2402 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2402>
CVE-2021-2426 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2426>
CVE-2021-2370 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2370>
CVE-2021-2389 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2389>
CVE-2021-2424 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2424>
CVE-2021-2339 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2339>
CVE-2021-2340 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2340>
CVE-2021-2444 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2444>
CVE-2021-2437 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2437>
CVE-2021-2383 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2383>
CVE-2021-2441 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2441>
CVE-2021-2356 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2356>
CVE-2021-2427 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2427>
CVE-2021-2410 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2410>
CVE-2021-2390 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2390>
Description
Multiple vulnerabilities have been reported in MySQL Server. They can be exploited by malicious local users to disclose sensitive information; by malicious users to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system; and by malicious people to cause a DoS and compromise a vulnerable system.
Affected Software
The following software is affected by the described vulnerabilities. Please check the vendor links below to see whether your exact version is affected.
MySQL 5.x
MySQL 8.x
Solution
Apply update.
https://support.oracle.com/rs?type=doc&id=2787955.1
References
1. https://www.oracle.com/security-alerts/cpujul2021.html#AppendixMSQL
2. http://www.oracle.com/security-alerts/cpujul2021verbose.html