CVE-2022-21328: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General) identified as CVE-2022-21328. The vulnerability affects versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. This vulnerability was disclosed in January 2022 as part of Oracle's Critical Patch Update (Oracle CPU).

The vulnerability is characterized by a difficult-to-exploit condition that requires high privileged access to the physical communication segment attached to the hardware where MySQL Cluster executes. The vulnerability has a CVSS 3.1 Base Score of 6.3 (Medium) with the vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H. Successful exploitation requires human interaction from a person other than the attacker (ZDI Advisory).

If successfully exploited, this vulnerability can result in complete takeover of MySQL Cluster. The impact affects all three main security aspects: Confidentiality, Integrity, and Availability, each with High severity ratings (Oracle CPU, NetApp Advisory).

Oracle has released patches to address this vulnerability in their January 2022 Critical Patch Update. Users should upgrade to the latest supported versions that include these security fixes. For systems using MySQL Cluster through other vendors like NetApp, specific product patches are available through their respective support channels (Oracle CPU, NetApp Advisory).