Vulnerability Details : CVE-2022-21600

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Published 2022-10-18 21:15:12

Updated 2022-11-04 16:51:14

Source Oracle

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-21600

Probability of exploitation activity in the next 30 days: 0.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 29 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-21600

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2022-21600

https://security.netapp.com/advisory/ntap-20221028-0013/

Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpuoct2022.html

Vendor Advisory

CVEs referencing this url

Products affected by CVE-2022-21600

Oracle » Mysql
Versions from including (>=) 8.0 and up to, including, (<=) 8.0.27
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Workflow Automation » Version: N/A
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Insight » Version: N/A
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Matching versions