PatchSiren

CVE-2024-21262 Oracle Corporation CVE debrief

CVE-2024-21262 is a network-reachable vulnerability published on 2024-10-15 with a CVSS 3.1 base score of 6.5. The supplied record describes an unauthenticated attacker with network access as able to affect MySQL Connectors data and cause a partial denial of service. The source corpus also shows NVD affected-CPE mapping for both Oracle MySQL Connectors (up to 9.0.0) and NetApp OnCommand Insight, so version and product validation is important before deciding remediation scope.

Vendor: Oracle Corporation
Product: MySQL Connectors
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-10-15
Original CVE updated: 2026-05-21
Advisory published: 2024-10-15
Advisory updated: 2026-05-21

Who should care

Security teams, DBAs, and platform owners responsible for Oracle MySQL Connectors (especially Connector/ODBC) and any NetApp OnCommand Insight deployments mapped by NVD to this CVE. Prioritize systems exposed to network access or used in production data paths.

Technical summary

The CVE description states that supported versions 9.0.0 and prior are affected and that the issue is easily exploitable by an unauthenticated network attacker via multiple protocols. The documented impact is limited to integrity and availability: unauthorized update/insert/delete access to some accessible data and partial denial of service. NVD lists the vulnerability as analyzed and includes affected CPE criteria for Oracle MySQL Connectors and NetApp OnCommand Insight in the record.

Defensive priority

Medium. The issue is unauthenticated and network-accessible, but the supplied severity is CVSS 6.5 with integrity and availability impact only. Remediation should move up in priority for internet-facing, production, or hard-to-segment deployments.

Recommended defensive actions

  • Identify all installations matching the affected CPEs in the source record, including Oracle MySQL Connectors versions 9.0.0 and prior.
  • Review the linked Oracle security alert and apply the vendor-recommended update or workaround for affected MySQL Connectors components.
  • If you operate NetApp OnCommand Insight, review the linked NetApp advisory and confirm whether your deployed version is affected by the mapped CVE.
  • Reduce network exposure to affected services where practical until remediation is complete.
  • Validate post-change behavior to ensure data access and availability are not impacted after updating.

Evidence notes

The CVE was published on 2024-10-15 and later modified in the source feed on 2026-05-21. The supplied description and NVD metadata both indicate network-based, unauthenticated exploitation with integrity and availability impact. NVD lists Oracle MySQL Connectors affected through version 9.0.0 and also maps NetApp OnCommand Insight in the CPE criteria. Official references in the corpus include the Oracle CPU October 2024 advisory and a NetApp advisory.

Official resources

The vulnerability was publicly disclosed in the CVE record on 2024-10-15. The supplied source corpus links both Oracle and NetApp advisories, and the NVD entry is marked analyzed.