
MySQL vulnerability from CPUAPR2022


Article ID: 244035


Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

MySQL CPU April 2022 details:

This Critical Patch Update contains 26 new security patches for Oracle MySQL.

Affected Versions:
MySQL Server, versions 5.7.37 and prior, 8.0.28 and prior.

QID Detection Logic (Unauthenticated):
This QID detects vulnerable versions of MySQL via the banner exposed by the service.
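A banner check of the kind described above, as an added example that is not the scanner's or Broadcom's own code: it reads the server version string from a MySQL protocol v10 greeting and compares it with the affected ranges listed on this page. The helper names and the sample greeting are constructed for illustration, "and prior" is read literally (an assumption), and MariaDB banners are set aside rather than judged.

```python
import re

# Affected ranges as stated on this page: 5.7.37 and prior, 8.0.28 and prior.
LAST_AFFECTED_57 = (5, 7, 37)
LAST_AFFECTED_80 = (8, 0, 28)


def sample_greeting(banner: str) -> bytes:
    """Build a constructed protocol v10 greeting carrying `banner` (test data only)."""
    payload = b"\x0a" + banner.encode("ascii") + b"\x00" + b"\x2a\x00\x00\x00" + b"A" * 8 + b"\x00"
    # Packet header: 3-byte little-endian payload length, then 1-byte sequence id.
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


def parse_handshake_banner(packet: bytes) -> str:
    """Return the server version string from a MySQL protocol v10 greeting."""
    if len(packet) < 6:
        raise ValueError("packet too short")
    payload_len = int.from_bytes(packet[0:3], "little")
    payload = packet[4:4 + payload_len]
    if len(payload) != payload_len or payload[0] != 0x0A:
        raise ValueError("not a complete protocol v10 handshake")
    end = payload.find(b"\x00", 1)  # version string is NUL-terminated
    if end == -1:
        raise ValueError("unterminated version string")
    return payload[1:end].decode("ascii", "replace")


def is_affected(banner: str):
    """True/False for Oracle MySQL banners, None when the banner cannot be judged."""
    if "mariadb" in banner.lower():
        return None  # MariaDB is a fork; the Oracle ranges above do not apply
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        return None  # unparseable banner needs manual review
    v = tuple(int(x) for x in m.groups())
    if v[:2] == (8, 0):
        return v <= LAST_AFFECTED_80
    return v <= LAST_AFFECTED_57


if __name__ == "__main__":
    for b in ("8.0.28", "8.0.29", "5.7.37-log", "5.5.5-10.4.12-MariaDB"):
        print(b, "->", is_affected(parse_handshake_banner(sample_greeting(b))))
```

A banner of 8.0.29 passes this range check, which matches the stated affected versions only; it does not show that every CVE in the update is fixed in that build.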

IMPACT:
Successful exploitation could allow an attacker to affect the confidentiality, integrity, and availability of data on the target system.

SOLUTION:
Refer to vendor advisory Oracle MySQL April 2021.

CPUAPR2022

Associated CVEs: CVE-2022-0778 CVE-2022-21417 CVE-2022-21427 CVE-2022-21444 CVE-2022-21451 CVE-2022-21454 CVE-2022-21460 CVE-2021-22570 CVE-2022-21412 CVE-2022-21413 CVE-2022-21414 CVE-2022-21415 CVE-2022-21418 CVE-2022-21423 CVE-2022-21425 CVE-2022-21435 CVE-2022-21436 CVE-2022-21437 CVE-2022-21438 CVE-2022-21440 CVE-2022-21452 CVE-2022-21457 CVE-2022-21459 CVE-2022-21462 CVE-2022-21478 CVE-2022-21479

Vendor Reference: MySQL CPUAPR2022

 

Environment

Release : 21.2

Component : Dx NetOps console

Resolution

Some of the CVEs in CPUAPR2022 are not fixed until MySQL 8.0.30, which has not been released yet.

Once MySQL 8.0.30 is released, Broadcom engineering plans to add the MySQL 8.0.30 upgrade to a future release.

No target date or release is known as of 6/16/2022.

Additional Information

https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixMSQL

Dx NetOps 22.2.2 uses MySQL 8.0.29