Active IQ Unified Manager Discussions

MySQL Cluster Vulnerability in NetApp Products (CVE-2024-20965)

wolfkiler
1,517 Views

hi Communty, i  am starting to work in netapp, that meas  i dont have at the moment much knowledge on it, but right  now i neet to fix a Vulneravility  of the Mysql version (8.0.35) that ar usin the  IQ manager.

 

Could someone share the link with me to donwload  the path to fix the CVE-2024-20965 Vulnerability?

 

 Thanks in Advance and nice day!

 

1 ACCEPTED SOLUTION

kryan
1,315 Views

Hi @wolfkiler - products listed as Affected will have a link added to the Remediation tab once a fix has been posted for use.

View solution in original post

4 REPLIES 4

Abeltran
1,480 Views

Hello wolfkiler,

 

I supose you are talking about Active IQ Unified Manager,right? I checked on product security advisory and this product is not affected. You can check it at https://security.netapp.com/advisory/ntap-20240201-0006/.

 

Kind regards,

 

Albert

kryan
1,454 Views

Oracle assigned CVE-2024-20965 to two products:

https://www.oracle.com/security-alerts/cpujan2024verbose.html#MSQL

CVE-2024-20965 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.32 and prior, 7.6.28 and prior, 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]
CVE-2024-20965 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (legend) [Advisory]

 

So there are two security advisories that reference this CVE ID.

 

The MySQL Cluster advisory as mentioned by @Abeltran :

https://security.netapp.com/advisory/ntap-20240201-0006

And the MySQL Server advisory:

https://security.netapp.com/advisory/NTAP-20240201-0003

 

Review and monitor them as needed - fixes are added when they are posted for use.

 

wolfkiler
1,418 Views

Hello @Abeltran  and @kryan , first of all, thank you very much for answering me, I saw those documents, but the big problem or lack of knowledge I have is ¿ how can I get the patch ? If I check those documents and go to the remediation tap, there I can see that the solution is to go to the Netapp download page, but I can't find a way to get the patch there :-(, it might be possible, give me a hand To find the right way to get this patch? Thanks in advance!!

 have a nice day  Guys.

kryan
1,316 Views

Hi @wolfkiler - products listed as Affected will have a link added to the Remediation tab once a fix has been posted for use.

Public