Skip to main content

Improper Authorization

CVE-2022-21316

Severity Medium
Score 6.3/10

Summary

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.x prior to 7.4.34, 7.5.x prior to 7.5.24, 7.6.x prior to 7.6.20, and 8.0.x prior to 8.0.27. Difficult-to-exploit vulnerability allows high privileged attackers to log on into the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in a takeover of MySQL Cluster.

  • HIGH
  • LOCAL
  • HIGH
  • UNCHANGED
  • REQUIRED
  • HIGH
  • HIGH
  • HIGH

CWE-285 - Improper Authorization

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Advisory Timeline

  • Published