topic Re: MySQL Cluster Vulnerability in NetApp Products (CVE-2024-20965) in Active IQ Unified Manager Discussions

MySQL Cluster Vulnerability in NetApp Products (CVE-2024-20965)

wolfkiler — Wed, 04 Jun 2025 09:40:43 GMT

hi Communty, i am starting to work in netapp, that meas i dont have at the moment much knowledge on it, but right now i neet to fix a Vulneravility of the Mysql version (8.0.35) that ar usin the IQ manager.

Could someone share the link with me to donwload the path to fix the CVE-2024-20965 Vulnerability?

Thanks in Advance and nice day!

Re: MySQL Cluster Vulnerability in NetApp Products (CVE-2024-20965)

Abeltran — Thu, 29 Feb 2024 14:20:35 GMT

Hello wolfkiler,

I supose you are talking about Active IQ Unified Manager,right? I checked on product security advisory and this product is not affected. You can check it at https://security.netapp.com/advisory/ntap-20240201-0006/.

Kind regards,

Albert

Re: MySQL Cluster Vulnerability in NetApp Products (CVE-2024-20965)

kryan — Thu, 29 Feb 2024 17:03:11 GMT

Oracle assigned CVE-2024-20965 to two products:

https://www.oracle.com/security-alerts/cpujan2024verbose.html#MSQL

CVE-2024-20965

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.32 and prior, 7.6.28 and prior, 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]

CVE-2024-20965

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]

So there are two security advisories that reference this CVE ID.

The MySQL Cluster advisory as mentioned by @Abeltran :

https://security.netapp.com/advisory/ntap-20240201-0006

And the MySQL Server advisory:

https://security.netapp.com/advisory/NTAP-20240201-0003

Review and monitor them as needed - fixes are added when they are posted for use.

Re: MySQL Cluster Vulnerability in NetApp Products (CVE-2024-20965)

wolfkiler — Fri, 01 Mar 2024 10:47:56 GMT

Hello @Abeltran and @kryan , first of all, thank you very much for answering me, I saw those documents, but the big problem or lack of knowledge I have is ¿ how can I get the patch ? If I check those documents and go to the remediation tap, there I can see that the solution is to go to the Netapp download page, but I can't find a way to get the patch there :-(, it might be possible, give me a hand To find the right way to get this patch? Thanks in advance!!

have a nice day Guys.

Re: MySQL Cluster Vulnerability in NetApp Products (CVE-2024-20965)

kryan — Mon, 04 Mar 2024 20:07:06 GMT

Hi @wolfkiler - products listed as Affected will have a link added to the Remediation tab once a fix has been posted for use.