MySQL Cluster Vulnerability in Oracle MySQL Impacting Specific Versions
CVE-2022-21550

6.3MEDIUM

Key Information:

Vendor: Oracle
Status: Mysql Cluster
Vendor: CVE Published:; 19 July 2022

Summary

A vulnerability exists in the MySQL Cluster component of Oracle MySQL, affecting multiple versions up to 8.0.29. This issue allows an attacker with high privileges and physical access to the communication segment of the hardware hosting the MySQL Cluster to potentially compromise the database system. Exploitation of this vulnerability requires human interaction from a third party, complicating the attack. Successful exploitation can lead to unauthorized takeover of the MySQL Cluster, impacting confidentiality, integrity, and availability of the data.

Affected Version(s)

MySQL Cluster 7.4.36 and prior

MySQL Cluster 7.5.26 and prior

MySQL Cluster 7.6.22 and prior

References

https://www.oracle.com/security-alerts/cpujul2022.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20220729-0004/

x_refsource_CONFIRM

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
Nov 15, 2021