Oracle MySQL Cluster up to 7.4.38/7.5.28/7.6.24/8.0.31 Internal Operations privilege escalation

Summaryinfo

A vulnerability, which was classified as critical, has been found in Oracle MySQL Cluster up to 7.4.38/7.5.28/7.6.24/8.0.31. Affected by this vulnerability is an unknown functionality of the component Internal Operations. This manipulation causes an unknown weakness. The identification of this vulnerability is CVE-2023-21860. The attack needs to be done within the local network. There is no exploit available.

Detailsinfo

A vulnerability was found in Oracle MySQL Cluster up to 7.4.38/7.5.28/7.6.24/8.0.31 (Database Software). It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Internal Operations. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was shared 01/17/2023 as Oracle Critical Patch Update Advisory - January 2023. It is possible to read the advisory at oracle.com. This vulnerability is known as CVE-2023-21860. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available.

A possible mitigation has been published immediately after the disclosure of the vulnerability.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Database Software

Vendor

• Oracle

Name

• MySQL Cluster

Version

• 7.4.0
• 7.4.1
• 7.4.2
• 7.4.3
• 7.4.4
• 7.4.5
• 7.4.6
• 7.4.7
• 7.4.8
• 7.4.9
• 7.4.10
• 7.4.11
• 7.4.12
• 7.4.13
• 7.4.14
• 7.4.15
• 7.4.16
• 7.4.17
• 7.4.18
• 7.4.19
• 7.4.20
• 7.4.21
• 7.4.22
• 7.4.23
• 7.4.24
• 7.4.25
• 7.4.26
• 7.4.27
• 7.4.28
• 7.4.29
• 7.4.30
• 7.4.31
• 7.4.32
• 7.4.33
• 7.4.34
• 7.4.35
• 7.4.36
• 7.4.37
• 7.4.38
• 7.5.0
• 7.5.1
• 7.5.2
• 7.5.3
• 7.5.4
• 7.5.5
• 7.5.6
• 7.5.7
• 7.5.8
• 7.5.9
• 7.5.10
• 7.5.11
• 7.5.12
• 7.5.13
• 7.5.14
• 7.5.15
• 7.5.16
• 7.5.17
• 7.5.18
• 7.5.19
• 7.5.20
• 7.5.21
• 7.5.22
• 7.5.23
• 7.5.24
• 7.5.25
• 7.5.26
• 7.5.27
• 7.5.28
• 7.6.0
• 7.6.1
• 7.6.2
• 7.6.3
• 7.6.4
• 7.6.5
• 7.6.6
• 7.6.7
• 7.6.8
• 7.6.9
• 7.6.10
• 7.6.11
• 7.6.12
• 7.6.13
• 7.6.14
• 7.6.15
• 7.6.16
• 7.6.17
• 7.6.18
• 7.6.19
• 7.6.20
• 7.6.21
• 7.6.22
• 7.6.23
• 7.6.24
• 8.0.0
• 8.0.1
• 8.0.2
• 8.0.3
• 8.0.4
• 8.0.5
• 8.0.6
• 8.0.7
• 8.0.8
• 8.0.9
• 8.0.10
• 8.0.11
• 8.0.12
• 8.0.13
• 8.0.14
• 8.0.15
• 8.0.16
• 8.0.17
• 8.0.18
• 8.0.19
• 8.0.20
• 8.0.21
• 8.0.22
• 8.0.23
• 8.0.24
• 8.0.25
• 8.0.26
• 8.0.27
• 8.0.28
• 8.0.29
• 8.0.30
• 8.0.31

License

• open-source

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion