CVE-2021-35625
First published: Wed Oct 20 2021(Updated: )
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetApp OnCommand Insight | ||
| Netapp Snapcenter | ||
| Oracle MySQL | >=8.0.0<=8.0.26 | |
| redhat/mysql | <8.0.27 | 8.0.27 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security.netapp.com/advisory/ntap-20211022-0003/
- https://www.oracle.com/security-alerts/cpuoct2021.html
- http://www.oracle.com/security-alerts/cpuoct2021.html#AppendixMSQL
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2016141
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2016142
- https://access.redhat.com/errata/RHSA-2022:6518
- https://access.redhat.com/errata/RHSA-2022:7119
- https://access.redhat.com/security/cve/cve-2021-35625
- https://bugzilla.redhat.com/show_bug.cgi?id=2016111
Frequently Asked Questions
What is the vulnerability ID for this MySQL Server vulnerability?
The vulnerability ID for this MySQL Server vulnerability is CVE-2021-35625.
What component of Oracle MySQL is affected by this vulnerability?
This vulnerability affects the Server: Security: Privileges component of Oracle MySQL.
Which versions of Oracle MySQL are affected by this vulnerability?
Versions 8.0.26 and prior of Oracle MySQL are affected by this vulnerability.
Is this vulnerability easily exploitable?
Yes, this vulnerability is easily exploitable.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is medium, with a value of 2.7.
How can I fix this vulnerability in Oracle MySQL?
To fix this vulnerability in Oracle MySQL, update to version 8.0.27.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following references: [NetApp Advisory](https://security.netapp.com/advisory/ntap-20211022-0003/), [Oracle Security Alerts - CPUOct2021](https://www.oracle.com/security-alerts/cpuoct2021.html).
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/references
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-35625
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/netapp
- canonical/netapp oncommand insight
- canonical/netapp snapcenter
- vendor/oracle
- canonical/oracle mysql
- version/oracle mysql/8.0.0
- version/oracle mysql/8.0.26
- package-manager/redhat