CVE-2022-21607 My MySQL Server product is vulnerable to a vulnerability in Oracle MySQL 8.0.28 and earlier.

Vulnerable versions of MySQL Server are 8.0.28 and prior. Note: This issue was previously announced as fixed in 8.0.10, but the fix was reverted in 8.0.28. CVSS 3.0 Base Score 6.5 (Critical severity). CVSS Temporal Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L). Note: Software versions of MySQL 5.5 and earlier are not CVSS v3.0 compliant and are vulnerable to CVSS v3.1 attacks. Vulnerable software versions - 5.5.41 and earlier; 5.6.26 and earlier; 5.7.12 and earlier; 5.8.4 and earlier; 5.9.1 and earlier; 5.10.0 and earlier. Serach for the following string to determine the correct upgrade path for your software version:

Mysql 8.0.28 and Prior - CVSS VULNERABILITY - HIGH CVSS Base Score - 6.5

MySQL 5.5.41 and prior - CVSS VULNERABILITY - MEDIUM CVSS Base Score - 5.9

MySQL 5.6.25 and prior - CVSS VULNERABILITY - MEDIUM CVSS Base Score - 5.9

MySQL 5

MySQL 5.7.12 and prior

MySQL 5.7.12 and prior - CVSS VULNERABILITY - MEDIUM CVSS Base Score - 5.9
MySQL 5.8.4 and prior - CVSS VULNERABILITY - MEDIUM CVSS Base Score - 5.9
MySQL 5.9.1 and prior - CVSS VULNERABILITY - HIGH CVSS Base Score - 6.5
MySQL 5

5.9 MySQL 5.9 and prior are not vulnerable to CVE-2022-21607

MySQL 5.7.12 and prior are not vulnerable to CVE-2022-21607
MySQL 5.8.4 and prior are not vulnerable to CVE-2022-21607
MySQL 5.10.0 is not vulnerable to CVE-2022-21607

Software Description:

MySQL is a widely used open-source relational database management system (RDBMS) that provides data storage and retrieval services.

CVE-2022-21803
Vulnerable versions of MySQL Server are 8.0.18 and prior. CVSS 3.0 Base Score 6.5 (Critical severity). CVSS Temporal Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L). Note: Software versions of MySQL 5.5 and earlier are not CVSS v3.0 compliant and are vulnerable to CVSS v3.1 attacks. Vulnerable software versions - 5.5.41 and earlier; 5.6.26 and earlier; 5.7.12 and earlier; 5.8.4 and earlier; 5 .9 .1 and earlier; 5 .10 .0 and earlier

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC

References