exploitDog

CVE-2021-2367

Published: 21 Jul 2021
Source: nvd
CVSS3: 4.9
CVSS2: 4
EPSS: Low

DoS vulnerability in the Optimizer component of MySQL Server via network access

Description

A vulnerability in the Optimizer component of Oracle's MySQL Server product allows a high-privileged attacker with network access via multiple protocols to cause a hang or crash (complete DoS) of MySQL Server.

Affected software versions

  • MySQL Server up to and including 8.0.25

Vulnerability type

DoS attack

CVSS

CVSS 3.1 Base Score: 4.9 (availability impact).
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable configurations

Configuration 1
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Version from 8.0.0 (inclusive) to 8.0.25 (inclusive)
Configuration 2
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Configuration 3

One of

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

EPSS

Percentile: 62%
0.0044
Low

CVSS3: 4.9 Medium

CVSS2: 4 Medium

Weaknesses

NVD-CWE-noinfo

Related vulnerabilities

CVSS3: 4.9
ubuntu
about 4 years ago

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
redhat
about 4 years ago

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
debian
about 4 years ago

Vulnerability in the MySQL Server product of Oracle MySQL (component: ...

github
more than 3 years ago

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
fstec
about 4 years ago

Vulnerability in the Server: Optimizer component of the MySQL database management system that allows an attacker to cause a denial of service
