Denial of Service Vulnerability in MySQL Cluster by Oracle
CVE-2022-21519

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Mysql Cluster
Vendor: CVE Published:; 19 July 2022

Summary

A vulnerability in Oracle's MySQL Cluster product allows unauthenticated attackers with network access to exploit the system via multiple protocols. The vulnerability, present in versions 8.0.29 and earlier, can lead to unauthorized actions that manifest as a hang or consistent crash of the MySQL Cluster, effectively resulting in a complete denial of service. This makes the system vulnerable to availability impacts, requiring prompt attention and remedial actions by users and administrators.

Affected Version(s)

MySQL Cluster 8.0.29 and prior

References

https://www.oracle.com/security-alerts/cpujul2022.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20220729-0004/

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
Nov 15, 2021