VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-jqyt-9u72-pkfk

Essentials
Severities (95)
References (11)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-jqyt-9u72-pkfk
Aliases	CVE-2024-21272 GHSA-hgjp-83m4-h4fj
Summary	Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00103	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00168	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
epss	0.00602	https://api.first.org/data/v1/epss?cve=CVE-2024-21272
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-hgjp-83m4-h4fj
cvssv3.1	7.5	https://github.com/mysql/mysql-connector-python
generic_textual	HIGH	https://github.com/mysql/mysql-connector-python
cvssv3.1	7.5	https://github.com/mysql/mysql-connector-python/commit/e6b927af06e8a85bd3754f602df96a5592b4558c
generic_textual	HIGH	https://github.com/mysql/mysql-connector-python/commit/e6b927af06e8a85bd3754f602df96a5592b4558c
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2024-21272
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2024-21272
cvssv3.1	6.5	https://www.oracle.com/security-alerts/cpuoct2024.html
ssvc	Track	https://www.oracle.com/security-alerts/cpuoct2024.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21272.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-21272
		https://github.com/mysql/mysql-connector-python
		https://github.com/mysql/mysql-connector-python/commit/e6b927af06e8a85bd3754f602df96a5592b4558c
1085297		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085297
2318902		https://bugzilla.redhat.com/show_bug.cgi?id=2318902
cpe:2.3:a:oracle:mysql:9.0.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql:9.0.0:::::::*
cpe:2.3:a:oracle:mysql_connector\/python:9.0.0_and_prior:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql_connector\/python:9.0.0_and_prior:::::::*
cpuoct2024.html		https://www.oracle.com/security-alerts/cpuoct2024.html
CVE-2024-21272		https://nvd.nist.gov/vuln/detail/CVE-2024-21272
GHSA-hgjp-83m4-h4fj		https://github.com/advisories/GHSA-hgjp-83m4-h4fj

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/mysql/mysql-connector-python

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/mysql/mysql-connector-python/commit/e6b927af06e8a85bd3754f602df96a5592b4558c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-21272

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-21272

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://www.oracle.com/security-alerts/cpuoct2024.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T13:36:39Z/ Found at https://www.oracle.com/security-alerts/cpuoct2024.html

Exploit Prediction Scoring System (EPSS)

Percentile	0.18903
EPSS Score	0.00048
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-10-16T13:32:25.064657+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2024-21272	34.0.2