CVE-2024-21243

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21243

2.2 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

V

ulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).

References
Link Resource
https://www.oracle.com/security-alerts/cpuoct2024.html Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20241101-0008/
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:9.0.1:*:*:*:*:*:*:*
History

03 Nov 2025, 22:16

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20241101-0008/ -

16 Oct 2024, 20:35

Type Values Removed Values Added
References () https://www.oracle.com/security-alerts/cpuoct2024.html - () https://www.oracle.com/security-alerts/cpuoct2024.html - Patch, Vendor Advisory
CWE NVD-CWE-noinfo
First Time Oracle mysql
Oracle
CPE cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:9.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:9.0.0:*:*:*:*:*:*:*

16 Oct 2024, 16:38

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Telemetry). Las versiones compatibles afectadas son 8.4.2 y anteriores y 9.0.1 y anteriores. Esta vulnerabilidad, que es difícil de explotar, permite que un atacante con privilegios elevados y acceso a la red a través de múltiples protocolos comprometa MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso de lectura no autorizado a un subconjunto de datos accesibles de MySQL Server. Puntuación base CVSS 3.1 2.2 (impactos de confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).

15 Oct 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-15 20:15

Updated : 2025-11-03 22:16

NVD link : CVE-2024-21243

Mitre link : CVE-2024-21243

CVE.ORG link : CVE-2024-21243

JSON object : View

Products Affected

oracle

CWE
NVD-CWE-noinfo