CVE-2021-35593: 
MySQL Cluster vulnerability analysis and mitigation

A vulnerability in Oracle MySQL Cluster (component: Cluster: General) affects versions 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior, and 8.0.26 and prior. The vulnerability is difficult to exploit and requires high privileges with access to the physical communication segment attached to the hardware where MySQL Cluster executes, along with human interaction from a person other than the attacker (Oracle CPU).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.3 (Medium) with the vector string: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H. This indicates that the attack requires adjacent network access, high attack complexity, high privileges, and user interaction. The vulnerability affects the confidentiality, integrity, and availability of the system with high impact if successfully exploited (ZDI Advisory).

Successful exploitation of this vulnerability can result in complete takeover of MySQL Cluster, potentially compromising the confidentiality, integrity, and availability of the system (Oracle CPU).

Oracle has released security patches to address this vulnerability. Users should upgrade to the latest versions: MySQL Cluster 7.4.34 or later, 7.5.24 or later, 7.6.20 or later, or 8.0.27 or later (Oracle CPU).