MySQL Cluster Vulnerability in Oracle MySQL
CVE-2022-21482

6.3MEDIUM

Key Information:

Vendor: Oracle
Status: Mysql Cluster
Vendor: CVE Published:; 19 April 2022

Summary

A vulnerability exists in the MySQL Cluster component of Oracle MySQL, which could allow a high-privileged attacker to exploit the system. This issue affects versions 8.0.28 and earlier. Exploitation of this vulnerability requires access to the physical communication segment where the MySQL Cluster runs and human interaction from a non-attacker individual. If successfully exploited, this vulnerability could lead to the compromise of the MySQL Cluster, enabling unauthorized takeover.

Affected Version(s)

MySQL Cluster 8.0.28 and prior

References

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20220429-0005/

x_refsource_CONFIRM

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Nov 15, 2021