CVE-2022-21337: 
MySQL vulnerability analysis and mitigation

CVE-2022-21337 is a vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). The vulnerability affects multiple versions including 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior. It has been assigned a CVSS 3.1 Base Score of 6.3 (Medium) with vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) (Oracle CPU).

The vulnerability requires a high-privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes. Successful exploitation requires human interaction from a person other than the attacker. The vulnerability has been rated with high complexity (AC:H) and requires high privileges (PR:H) along with user interaction (UI:R) for successful exploitation (ZDI Advisory).

If successfully exploited, this vulnerability can result in complete takeover of MySQL Cluster with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). The attack requires adjacent network access and can potentially compromise the entire MySQL Cluster system (Oracle CPU).

Oracle has released patches to address this vulnerability in their January 2022 Critical Patch Update. Users should upgrade to the latest supported versions that include the security fixes. For systems that cannot be immediately patched, limiting physical access to the communication segment and restricting high-privilege user access can help reduce the risk (Oracle CPU).