CVE-2022-21288: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General) identified as CVE-2022-21288. The vulnerability affects versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. This vulnerability was disclosed in January 2022 as part of Oracle's Critical Patch Update (Oracle CPU).

The vulnerability has a CVSS 3.1 Base Score of 6.3 (Medium) with the following vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H. This indicates that exploitation requires high privileges, human interaction, and access to the physical communication segment attached to the hardware where MySQL Cluster executes (Oracle CPU, NetApp Advisory).

Successful exploitation of this vulnerability can result in complete takeover of MySQL Cluster, potentially compromising the confidentiality, integrity, and availability of the system (Oracle CPU).

Oracle has released security patches to address this vulnerability. Users should upgrade to the latest supported versions. The vulnerability was addressed in Oracle's January 2022 Critical Patch Update (Oracle CPU, ZDI Advisory).

The vulnerability was reported by an anonymous researcher working with Trend Micro's Zero Day Initiative, indicating active security research involvement in identifying MySQL Cluster vulnerabilities (Oracle CPU).