{"api_version":"1","generated_at":"2026-04-23T00:40:24+00:00","cve":"CVE-2021-2411","urls":{"html":"https://cve.report/CVE-2021-2411","api":"https://cve.report/api/cve/CVE-2021-2411.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-2411","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-2411"},"summary":{"title":"CVE-2021-2411","description":"Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","state":"PUBLIC","assigner":"secalert_us@oracle.com","published_at":"2021-07-21 15:15:00","updated_at":"2021-07-23 13:26:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20210723-0001/","name":"https://security.netapp.com/advisory/ntap-20210723-0001/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"July 2021 MySQL Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.oracle.com/security-alerts/cpujul2021.html","name":"https://www.oracle.com/security-alerts/cpujul2021.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - July 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-2411","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-2411","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"2411","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"oncommand_insight","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"2411","vulnerable":"1","versionEndIncluding":"8.0.25","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"mysql_cluster","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-2411","qid":"690068","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (38a4a043-e937-11eb-9b84-d4c9ef517024)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secalert_us@oracle.com","ID":"CVE-2021-2411","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"MySQL Cluster","version":{"version_data":[{"version_value":"8.0.25 and prior","version_affected":"="}]}}]},"vendor_name":"Oracle Corporation"}]}},"description":{"description_data":[{"lang":"eng","value":"Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."}]},"impact":{"cvss":{"baseScore":"3.7","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster."}]}]},"references":{"reference_data":[{"url":"https://www.oracle.com/security-alerts/cpujul2021.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpujul2021.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210723-0001/","url":"https://security.netapp.com/advisory/ntap-20210723-0001/"}]}},"nvd":{"publishedDate":"2021-07-21 15:15:00","lastModifiedDate":"2021-07-23 13:26:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":3.7,"baseSeverity":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndIncluding":"8.0.25","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"2411","Ordinal":"193520","Title":"CVE-2021-2411","CVE":"CVE-2021-2411","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"2411","Ordinal":"1","NoteData":"Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: JS module). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","Type":"Description","Title":null},{"CveYear":"2021","CveId":"2411","Ordinal":"2","NoteData":"2021-07-20","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"2411","Ordinal":"3","NoteData":"2021-07-23","Type":"Other","Title":"Modified"}]}}}