Oct 23, 2024 - 9:04 p.m.

Security Bulletin: IBM Security Guardium is affected by vulnerabilities in Oracle MySQL

2024-10-23 21:04:00
www.ibm.com
ibm security guardium
oracle mysql server
vulnerabilities
high availability impact
unspecified vulnerability

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.4
Confidence: High

Summary

IBM Security Guardium has addressed these vulnerabilities in an update.

Vulnerability Details

**CVEID:** CVE-2024-21137
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21165
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Pluggable Auth component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21125
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: FTS component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21134
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Connection Handling component could allow a remote authenticated attacker to cause low availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.3
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** CVE-2024-21163
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)

**CVEID:** CVE-2024-21177
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Cluster: General component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21171
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.5
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21135
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21160
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-20996
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21127
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: DDL component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21179
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21162
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21185
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21130
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21159
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21170
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/Python component could allow a remote authenticated attacker to cause low confidentiality, integrity and availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 6.3
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

**CVEID:** CVE-2024-21142
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Security: Privileges component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21166
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H)

**CVEID:** CVE-2024-21176
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: Thread Pooling component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 5.3
**CVSS Vector:** (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21157
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21173
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-21129
**DESCRIPTION:** An unspecified vulnerability in Oracle MySQL Server related to the Server: DDL component could allow a remote authenticated attacker to cause high availability impact.
**CWE:** CWE-770: Allocation of Resources Without Limits or Throttling
**CVSS Source:** IBM X-Force
**CVSS Base score:** 4.9
**CVSS Vector:** (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Security Guardium | 12.0 |

Remediation/Fixes

IBM strongly encourages customers to update their systems promptly.

| Product | Version | Fix |
| --- | --- | --- |
| IBM Security Guardium | 12.0 | https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=12.0&platform=Linux&function=fixId&fixids=SqlGuard_12.0p25_Bundle_Oct-10-2024&includeSupersedes=0&source=fc |

Workarounds and Mitigations

None

Affected configurations

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | security_guardium | 12.0 | cpe:2.3:a:ibm:security_guardium:12.0:*:*:*:*:*:*:* |
