Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

oracle CPUOct2024: MySQL Cluster 8.0.39

oracle CPUOct2024: MySQL Cluster 8.0.40

oracle CPUOct2024: MySQL Server 8.4.3

oracle CPUOct2024: MySQL Server 9.0.2

oracle CPUOct2024: MySQL Server 8.0.40

oracle CPUOct2024: MySQL Cluster 7.5.36

oracle CPUOct2024: MySQL Cluster 8.4.2

oracle CPUOct2024: MySQL Cluster 8.4.3

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7102-1 advisory.

    Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to     fix these issues.

    MySQL has been updated to 8.0.40 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu     24.10.

    In addition to security fixes, the updated packages contain bug fixes, new features, and possibly     incompatible changes.

    Please see the following for more information:

    https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-40.html https://www.oracle.com/security-     alerts/cpuoct2024.html

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21230 advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported     versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable     vulnerability allows low privileged attacker with network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang     or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2024-21230)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)).
    Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL     Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete     access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. (CVE-2024-5535)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (curl)). Supported     versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks require human interaction from a person other than the attacker. Successful attacks of     this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2024-7264)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions     that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability     allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. (CVE-2024-21196)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of MySQL Server installed on the remote host are affected by a vulnerability as referenced in the October 2024 CPU advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)).
    Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL     Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete     access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. (CVE-2024-5535)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (curl)). Supported     versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks require human interaction from a person other than the attacker. Successful attacks of     this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server. (CVE-2024-7264)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions     that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability     allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. (CVE-2024-21196)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory.

  - Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported     versions that are affected are 7.5.35 and prior, 7.6.31 and prior, 8.0.39 and prior, 8.4.2 and prior     and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network     access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     MySQL Cluster. (CVE-2024-21238)

   - Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported     versions that are affected are 7.5.35 and prior, 7.6.31 and prior, 8.0.39 and prior, 8.4.2 and prior and     9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via     multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of MySQL Cluster accessible data as well as     unauthorized read access to a subset of MySQL Cluster accessible data. (CVE-2024-21247)

  - Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General (Kerberos)).     Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily     exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized access to     critical data or complete access to all MySQL Cluster accessible data and unauthorized ability to cause     a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. (CVE-2024-37371)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory.

  - Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Packaging (OpenSSL)).     Supported versions that are affected are 7.5.35 and prior, 7.6.31 and prior, 8.0.39 and prior, 8.4.2 and     prior and 9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network     access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can     result in unauthorized access to critical data or complete access to all MySQL Cluster accessible data     and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.
    (CVE-2024-5535)

  - Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported     versions that are affected are 7.5.35 and prior, 7.6.31 and prior, 8.0.39 and prior, 8.4.2 and prior     and 9.0.1 and prior. Difficult to exploit vulnerability allows low privileged attacker with network     access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability     can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of     MySQL Cluster. (CVE-2024-21238)

  - Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported     versions that are affected are 7.5.35 and prior, 7.6.31 and prior, 8.0.39 and prior, 8.4.2 and prior and     9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via     multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in     unauthorized update, insert or delete access to some of MySQL Cluster accessible data as well as     unauthorized read access to a subset of MySQL Cluster accessible data. (CVE-2024-21247)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
210774	Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : MySQL vulnerabilities (USN-7102-1)	Nessus	Ubuntu Local Security Checks	medium
209603	CBL Mariner 2.0 Security Update: mysql (CVE-2024-21230)	Nessus	MarinerOS Local Security Checks	medium
209250	Oracle MySQL Server 8.0.x < 8.0.40 (October 2024 CPU)	Nessus	Databases	low
209249	Oracle MySQL Server 9.x < 9.1.0 (October 2024 CPU)	Nessus	Databases	low
209248	Oracle MySQL Server 8.x < 8.4.3 (October 2024 CPU)	Nessus	Databases	low
209242	Oracle MySQL Cluster 8.0.x < 8.0.40 / 8.4.x < 8.4.3 / 9.0.x < 9.0.2 (October 2024 CPU)	Nessus	Databases	critical
209240	Oracle MySQL Cluster 7.5.x < 7.5.36 / 7.6.x < 7.6.32 (October 2024 CPU)	Nessus	Databases	low

Detections

Analytics

CVE-2024-21230

medium

Tenable Plugins

Coming Soon

medium

medium

low

low

low

critical

low