CVE-2022-21535
LOW
Published Jul 19, 20223y ago · Modified Jun 22, 20261w ago
2.5 CVSS 3.1
Published Jul 19, 2022 3y ago
Last Modified Jun 22, 2026 1w ago
Description
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: General/Core Client). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Shell. CVSS 3.1 Base Score 2.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Attack Vector Local
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity None
Availability Low
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| oracle | mysql_shell | * | ≤8.0.28 |
References 1
- oracle.com https://www.oracle.com/security-alerts/cpujul2022.html
Remediation
- oracle.com https://www.oracle.com/security-alerts/cpujul2022.html