How severe is CVE-2022-21489?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Is CVE-2022-21489 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Oracle Corporation Mysql Cluster

CVE-2022-21489

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerabilit…

EPSS: 0.789 (99.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H.

Affected products

Oracle Corporation Mysql Cluster — versions 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

www.oracle.com/security-alerts/cpuapr2022.html (x_refsource_MISC)
security.netapp.com/advisory/ntap-20220429-0005/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-21489?: CVE-2022-21489 is a medium-severity vulnerability in Oracle Corporation Mysql Cluster. CVSS score: 6.3/10. Published 2022-04-19.
How severe is CVE-2022-21489?: Medium severity. CVSS v3 base score is 6.3 out of 10.
Is CVE-2022-21489 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.