CVE-2022-21483: 
MySQL vulnerability analysis and mitigation

MySQL Cluster Data Node version 8.0.28 and prior contains a vulnerability (CVE-2022-21483) that was disclosed in April 2022. This vulnerability affects the physical communication segment attached to MySQL Cluster Data Node and requires a high-privileged attacker with specific access conditions to exploit (Oracle CPE).

The vulnerability has been assigned a CVSS v3.1 base score of 6.3 (Medium) with the following vector: AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires adjacent network access, high complexity, high privileges, and user interaction to exploit, but could potentially result in high impacts to confidentiality, integrity, and availability (NetApp Advisory).

Successful exploitation of this vulnerability could lead to unauthorized takeover of MySQL Server, unauthorized read or modification access to a subset or all of the MySQL Server accessible data, or cause a hang or frequently repeatable crash resulting in partial or complete denial of service (NetApp Advisory).

Oracle has released patches to address this vulnerability in their April 2022 Critical Patch Update. Users are strongly recommended to update to the latest version of MySQL Cluster. For systems that cannot be immediately updated, it is recommended to restrict access to the physical communication segment and implement strict privilege controls (Oracle CPE).