How severe is CVE-2022-21280?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Is CVE-2022-21280 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Oracle Corporation Mysql Cluster

CVE-2022-21280

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerabilit…

EPSS: 0.765 (99.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H.

Affected products

Oracle Corporation Mysql Cluster — versions 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

www.oracle.com/security-alerts/cpujan2022.html (x_refsource_MISC)
security.netapp.com/advisory/ntap-20220121-0008/ (x_refsource_CONFIRM)
www.zerodayinitiative.com/advisories/ZDI-22-084/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-21280?: CVE-2022-21280 is a medium-severity vulnerability in Oracle Corporation Mysql Cluster. CVSS score: 6.3/10. Published 2022-01-19.
How severe is CVE-2022-21280?: Medium severity. CVSS v3 base score is 6.3 out of 10.
Is CVE-2022-21280 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.