CVE-2021-2007

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVSS v3 3.7 LOW
CVSS v2.0 4.3 MEDIUM

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/
https://security.gentoo.org/glsa/202105-27	Third Party Advisory
https://security.netapp.com/advisory/ntap-20210622-0001/	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:mysql::::::::
	cpe:2.3:a:oracle:mysql::::::::
	cpe:2.3:a:oracle:mysql::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:32:::::::*
	cpe:2.3:o:fedoraproject:fedora:33:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::

History

07 Nov 2023, 03:32

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/', 'name': 'FEDORA-2021-b1d1655cef', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/', 'name': 'FEDORA-2021-db50ab62d3', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ -

08 Dec 2022, 03:04

Type	Values Removed	Values Added
First Time		Mariadb mariadb Mariadb
CPE		cpe:2.3:a:mariadb:mariadb::::::::

30 Mar 2022, 19:21

Type	Values Removed	Values Added
References	~~(GENTOO) https://security.gentoo.org/glsa/202105-27 -~~	(GENTOO) https://security.gentoo.org/glsa/202105-27 - Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20210622-0001/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20210622-0001/ - Third Party Advisory
First Time		Netapp Netapp active Iq Unified Manager Netapp oncommand Workflow Automation Netapp oncommand Insight
CPE		cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::* cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows:: cpe:2.3:a:netapp:oncommand_insight:-:::::::* cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::

22 Jun 2021, 09:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20210622-0001/ -

26 May 2021, 12:15

Type	Values Removed	Values Added
References		(GENTOO) https://security.gentoo.org/glsa/202105-27 -

17 Feb 2021, 20:31

Type	Values Removed	Values Added
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ - Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ - Third Party Advisory
CPE		cpe:2.3:o:fedoraproject:fedora:33:::::::* cpe:2.3:o:fedoraproject:fedora:32:::::::*

15 Feb 2021, 03:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7EAHJPWOOF4D6PEFLXW5IQWRRSZ3HRC/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CS5THZSGI7O2CZO44NWYE57AG2T7NK3K/ -

22 Jan 2021, 18:51

Type	Values Removed	Values Added
References	~~(MISC) https://www.oracle.com/security-alerts/cpujan2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Vendor Advisory
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:oracle:mysql::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~3.7~~	v2 : 4.3 v3 : 3.7

20 Jan 2021, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-01-20 15:15

Updated : 2023-12-10 13:41

NVD link : CVE-2021-2007

Mitre link : CVE-2021-2007

CVE.ORG link : CVE-2021-2007

JSON object : View

Products Affected

mariadb

mariadb

fedoraproject

fedora

netapp

oncommand_workflow_automation
active_iq_unified_manager
oncommand_insight

oracle

mysql

CWE

NVD-CWE-noinfo

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-2007

3.7^/10

4.3^/10

Attach tags to `CVE-2021-2007`