CVE-2022-21455: 
MySQL vulnerability analysis and mitigation

Vulnerability CVE-2022-21455 affects the MySQL Server product of Oracle MySQL, specifically in the Server: PAM Auth Plugin component. The vulnerability affects versions 8.0.28 and prior. It is an easily exploitable vulnerability that allows high privileged attackers with network access via multiple protocols to compromise MySQL Server (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N. This indicates that the vulnerability requires network access, is low complexity to exploit, requires high privileges, needs no user interaction, has unchanged scope, and can impact integrity but not confidentiality or availability (NVD).

Successful exploitation of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data (Oracle CPU, NetApp Advisory).

Oracle has released patches to address this vulnerability in their July 2022 Critical Patch Update. Users are strongly recommended to update to patched versions of MySQL Server. The vulnerability affects versions 8.0.28 and prior, so upgrading to a newer version will mitigate the risk (Oracle CPU).

Security researchers have noted concerns about Oracle's vulnerability disclosure process, with some criticizing the time taken to release patches. Researchers Peterjson and Jang highlighted the importance of patching this vulnerability along with CVE-2022-21497 (TechTarget).