CVE-2022-21307: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General) identified as CVE-2022-21307. The vulnerability affects versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. This is a difficult-to-exploit vulnerability that requires a high-privileged attacker with access to the physical communication segment attached to the hardware where MySQL Cluster executes. The vulnerability was disclosed in January 2022 as part of Oracle's Critical Patch Update (Oracle Advisory).

The vulnerability has a CVSS 3.1 Base Score of 6.3 (Medium) with the vector string: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H. The vulnerability requires specific conditions for exploitation: adjacent network access, high attack complexity, high privileges, and user interaction. When successfully exploited, it can affect the confidentiality, integrity, and availability of the MySQL Cluster system (ZDI Advisory).

Successful exploitation of this vulnerability can result in complete takeover of MySQL Cluster. The impact spans across all three security aspects - confidentiality, integrity, and availability - with potential high impact on each (NetApp Advisory, Oracle Advisory).

Oracle has released patches to address this vulnerability in their January 2022 Critical Patch Update. Users are strongly recommended to update to the latest version of MySQL Cluster that includes these security fixes. The vulnerability affects versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior (Oracle Advisory).