CVE-2021-1998: 
MySQL vulnerability analysis and mitigation

CVE-2021-1998 is a vulnerability affecting MySQL Server that was disclosed in January 2021. The vulnerability allows high privileged attackers with network access to compromise MySQL Server through multiple protocols. This vulnerability affects MySQL Server versions 8.0.20 and prior (Oracle CPU).

The vulnerability has a CVSS v3.1 base score of 3.8 (Low severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L. The vulnerability requires high privileges and network access to exploit, with low attack complexity. The scope is unchanged, and it has low impacts on integrity and availability but no impact on confidentiality (NetApp Advisory).

Successful exploitation of this vulnerability could lead to unauthorized modification access to a subset of MySQL Server accessible data or cause partial service disruption. The impact is considered low due to the high privilege requirement for exploitation (Oracle CPU).

Oracle released patches for this vulnerability in the January 2021 Critical Patch Update. Users should upgrade to MySQL Server versions after 8.0.20. Various vendors have also released patches for their products incorporating MySQL, including Red Hat, Fedora, and NetApp (Oracle CPU, Fedora Update).