CVE-2022-21460: 
MySQL vulnerability analysis and mitigation

CVE-2022-21460 is a vulnerability in MySQL Server that was disclosed in April 2022. This is a difficult to exploit vulnerability that allows high-privileged attackers with network access via multiple protocols to compromise MySQL Server (NVD). The vulnerability affects MySQL Server versions 5.7.37 and prior, and 8.0.28 and prior (Oracle Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.4 (Medium) with the vector CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N. This indicates that while the vulnerability requires network access, it has high attack complexity and requires high privileges to exploit. If successfully exploited, it could result in high confidentiality impact (NetApp Advisory).

If successfully exploited, this vulnerability could allow an attacker to gain unauthorized read access to MySQL Server accessible data. The vulnerability specifically impacts the Server: Logging component and MySQL Protocol (Oracle Advisory).

Oracle has released patches to address this vulnerability in the April 2022 Critical Patch Update. Users should upgrade to MySQL Server versions after 5.7.37 or 8.0.28 to remediate this vulnerability. For Ubuntu 16.04 ESM users, the fix is available in MySQL version 5.7.38-0ubuntu0.16.04.1+esm1 (Ubuntu Security).