CVE-2022-21368 in MySQL Server
Summary
by MITRE • 01/19/2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 05/17/2025
The vulnerability identified as CVE-2022-21368 represents a significant security flaw within Oracle MySQL Server's component services, specifically affecting versions 8.0.27 and earlier. This vulnerability resides within the Server: Components Services module of the MySQL ecosystem, making it particularly concerning for organizations that rely heavily on database infrastructure. The flaw manifests as an easily exploitable issue that can be leveraged by attackers with high privileges and network access through multiple protocols, creating a substantial risk for database environments where such access might be compromised.
The technical nature of this vulnerability stems from insufficient access controls within the MySQL Server's component services, allowing authenticated users with elevated privileges to perform unauthorized operations against the database system. The vulnerability's classification as CVSS 3.1 Base Score 4.7 indicates a moderate severity threat that impacts confidentiality, integrity, and availability aspects of the database system. Attackers with high privileges and network connectivity can exploit this weakness to execute unauthorized update, insert, or delete operations on specific database content while also gaining unauthorized read access to limited subsets of accessible data. Additionally, successful exploitation can lead to partial denial of service conditions that disrupt database operations.
The operational impact of this vulnerability extends beyond simple data compromise, as it creates multiple attack vectors that can be leveraged for different malicious objectives. Organizations utilizing affected MySQL versions face potential data integrity breaches where unauthorized modifications could go undetected for extended periods, while the partial denial of service capability could disrupt business operations and database availability. The vulnerability's network accessibility through multiple protocols increases the attack surface significantly, as it can be exploited from various entry points within the network infrastructure. This characteristic makes it particularly dangerous in environments where database servers are exposed to external networks or where internal network segmentation is inadequate.
From a cybersecurity framework perspective, this vulnerability aligns with CWE-284 (Improper Access Control) and represents a clear violation of the principle of least privilege that should govern database access controls. The ATT&CK framework categorizes this vulnerability under privilege escalation and data manipulation techniques, as attackers can leverage existing elevated privileges to perform unauthorized operations within the database environment. Organizations should consider implementing comprehensive monitoring solutions to detect anomalous database activities that might indicate exploitation attempts, particularly focusing on unauthorized data modifications and access patterns that deviate from normal operational procedures. The vulnerability's impact on confidentiality, integrity, and availability makes it a critical concern for organizations implementing security frameworks such as NIST SP 800-53 or ISO 27001 compliance measures.
Mitigation strategies should prioritize immediate patching of affected MySQL Server installations to version 8.0.28 or later, which contains the necessary security fixes. Organizations should also implement robust network segmentation practices to limit access to database servers, ensuring that only authorized systems and users can establish connections. Additionally, implementing comprehensive database activity monitoring and auditing capabilities will help detect potential exploitation attempts and provide forensic evidence for security investigations. Regular security assessments and vulnerability scanning should be conducted to identify similar issues within the database infrastructure, while access control policies should be reviewed to ensure that users maintain only the privileges necessary for their operational requirements. The implementation of network access controls and firewall rules can further limit the attack surface by restricting network access to database servers from unauthorized sources and protocols.