Vulnerability in MySQL Client from Oracle Affecting Data Access
CVE-2024-21209

2LOW

Key Information:

Vendor: Oracle
Status: Mysql Client
Vendor: CVE Published:; 15 October 2024

What is CVE-2024-21209?

A security vulnerability exists in Oracle's MySQL Client, specifically affecting the mysqldump component. This issue allows an attacker with high privileges and network access to target the MySQL Client. While exploiting this vulnerability is challenging, it requires assistance from an external user, leading to potential unauthorized access to sensitive data. The affected versions include 8.4.2 and earlier, along with 9.0.1 and earlier. Timely updates and security measures are essential to mitigate the risk associated with this vulnerability.

Affected Version(s)

MySQL Client * <= 8.4.2

MySQL Client * <= 9.0.1

References

https://www.oracle.com/security-alerts/cpuoct2024.html

vendor-advisory

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Dec 7, 2023