Oracle.MySQL.Cluster.GSN_CREATE_NODEGROUP.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Oracle MySQL Cluster.
The vulnerability exists in the MySQL NDB Cluster component when handling GSN_CREATE_NODEGROUP_IMPL_REQ signals. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted packet to the vulnerable server. Successful exploitation will allow an attacker to execute arbitrary code in the context of the application.
Affected Products
Oracle MySQL Cluster 7.4.35 and prior
Oracle MySQL Cluster 7.5.25 and prior
Oracle MySQL Cluster 7.6.21 and prior
Oracle MySQL Cluster 8.0.28 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixMSQL
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |