MySQL CPU April 2022 details:
This Critical Patch Update contains 26 new security patches for Oracle MySQL.
Affected Versions:
MySQL Server, versions 5.7.37 and prior, 8.0.28 and prior.
QID Detection Logic (Unauthenticated):
This QID detects vulnerable versions of MySQL via the banner exposed by the service.
IMPACT:
Successful exploitation could allow an attacker to affect the confidentiality, integrity, and availability of data on the target system.
SOLUTION:
Refer to vendor advisory Oracle MySQL April 2021.
CPUAPR2022
Associated CVEs: CVE-2022-0778 CVE-2022-21417 CVE-2022-21427 CVE-2022-21444 CVE-2022-21451 CVE-2022-21454 CVE-2022-21460 CVE-2021-22570 CVE-2022-21412 CVE-2022-21413 CVE-2022-21414
CVE-2022-21415 CVE-2022-21418 CVE-2022-21423 CVE-2022-21425 CVE-2022-21435 CVE-2022-21436 CVE-2022-21437 CVE-2022-21438 CVE-2022-21440 CVE-2022-21452 CVE-2022-21457 CVE-2022-21459
CVE-2022-21462 CVE-2022-21478 CVE-2022-21479
Vendor Reference: MySQL CPUAPR2022
Release: 21.2
Component: Dx NetOps console
Some of the CVEs in CPUAPR2022 are not fixed until MySQL 8.0.30, which has not been released yet.
Once MySQL 8.0.30 is released, Broadcom engineering plans to add the MySQL 8.0.30 upgrade to a future release.
No target date or release is known as of 6/16/2022.
https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixMSQL
Dx NetOps 22.2.2 uses MySQL 8.0.29