MySQL (5.7.33) CVE vulnerability information for Spectrum 10.4.3

Article ID: 216118

Products

CA Spectrum

Issue/Introduction

DX NetOps Spectrum 10.4.3 (20.2.7) embeds MySQL version 5.7.33. A security scan has shown that this MySQL release is vulnerable to the following CVEs: 

CVE-2021-2146
CVE-2021-2154
CVE-2021-2162
CVE-2021-2166
CVE-2021-2169
CVE-2021-2171
CVE-2021-2174
CVE-2021-2179
CVE-2021-2180
CVE-2021-2194
CVE-2021-2226
CVE-2021-2307

The solution is to upgrade to MySQL version 5.7.34 or later. Can the MySQL version be upgraded to mitigate these vulnerabilities?

Environment

Spectrum 10.4.3 (20.2.7) and prior versions

Cause

All MySQL versions prior to 5.7.34 are vulnerable.

Resolution

Broadcom does not support upgrading the MySQL version independently in Spectrum. However, DX NetOps Spectrum 21.2.1 is delivered with MySQL version 5.7.34. This MySQL version is not vulnerable to the above CVEs.