CVE-2022-21332: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General) identified as CVE-2022-21332. The vulnerability affects versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. This vulnerability requires a high-privileged attacker with access to the physical communication segment attached to the hardware where MySQL Cluster executes. The vulnerability was disclosed in January 2022 as part of Oracle's Critical Patch Update (Oracle CPU).

The vulnerability has a CVSS 3.1 Base Score of 6.3 (Medium) with the vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H. The vulnerability is characterized as difficult to exploit and requires human interaction from a person other than the attacker. The attack vector is adjacent network (AV:A), with high attack complexity (AC:H), requiring high privileges (PR:H) and user interaction (UI:R) (NetApp Advisory, ZDI Advisory).

Successful exploitation of this vulnerability can result in complete takeover of MySQL Cluster, potentially compromising the confidentiality, integrity, and availability of the system. The impact ratings are High for Confidentiality, Integrity, and Availability, indicating potential complete compromise of all security objectives (Oracle CPU).

Oracle has issued an update to correct this vulnerability. Users should upgrade to the latest supported versions that include the security fixes. The vulnerability was addressed in Oracle's January 2022 Critical Patch Update (Oracle CPU).