How severe is CVE-2023-21860?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2023-21860?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2023-21860

MEDIUM Year: 2023

CVSS v3 Score

6.3

Medium

Weakness Type

CWE-284

View all →

Vulnerability Description

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Internal Operations). Supported versions that are affected are 7.4.38 and prior, 7.5.28 and prior, 7.6.24 and prior and 8.0.31 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

CVE-2015-6933

MEDIUM

CVSS:6.3(Medium)

The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allo...

CWE-2842015

CVE-2016-0914

MEDIUM

CVSS:6.3(Medium)

EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Doc...

CWE-2842016

CVE-2016-1200

MEDIUM

CVSS:6.3(Medium)

The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-11...

CWE-2842016

CVE-2016-1638

MEDIUM

CVSS:6.3(Medium)

extensions/renderer/resources/platform_app.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass inten...

CWE-2842016

CVE-2016-2277

MEDIUM

CVSS:6.3(Medium)

IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file.

CWE-2842016

CVE-2016-5601

MEDIUM

CVSS:6.3(Medium)

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows local users to affect confidentiality and integrity via vectors re...

CWE-2842016

CVE-2023-21860

Vulnerability Description

Related Vulnerabilities

CVE-2015-6933

CVE-2016-0914

CVE-2016-1200

CVE-2016-1638

CVE-2016-2277

CVE-2016-5601