Optimizer vulnerabilities in MySQL 8.0.30 and earlier in NetOps

Article ID: 253576

Products

DX NetOps CA Performance Management - Usage and Administration CA Spectrum CA Virtual Network Assurance

Issue/Introduction

How do we resolve the MySQL vulnerability described below?

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows high

It is one of several vulnerabilities affecting MySQL releases 8.0.30 and earlier.

The current 22.2.3 versions of DX NetOps Performance Manager, Virtual Network Assurance (VNA) and Spectrum all use MySQL version 8.0.30 or earlier.

Can we upgrade MySQL to remediate these vulnerabilities?

Environment

All supported DX NetOps Performance Management Portal web server releases running MySQL versions 8.0.30 or earlier

All supported DX NetOps Spectrum OneClick web server releases running MySQL versions 8.0.30 or earlier

All supported DX NetOps Virtual Network Assurance (VNA) releases running MySQL versions 8.0.30 or earlier

Cause

Multiple vulnerabilities are addressed by this Critical Patch Update (CPU).

Resolution

A future DX NetOps Portal and OneClick release will include a MySQL upgrade to a release that remediates these vulnerabilities.

This article will be updated when more details are known about which DX NetOps Portal release will include the changes, or which MySQL release we will upgrade to.

At this time the pending changes can be tracked using these User Story IDs. Engage your Account team representatives for additional details or current status of the User Story IDs.

  • DX NetOps Performance Management:
    • F129420: Portal MySQL 8.0.31 (or higher) Upgrade
  • DX NetOps Spectrum:
    • US852592: Upgrade MySQL to 8.0.31 or later
  • DX NetOps Virtual Network Assurance (VNA):
    • US853779: VNA: MySQL upgrade to 8.0.31 or later

Additional Information

CVE-2022-21589 Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior.

CVE-2022-21595 Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior.

CVE-2022-21600 Supported versions that are affected are 8.0.27 and prior.

CVE-2022-21605 Supported versions that are affected are 8.0.28 and prior.

CVE-2022-21607 Supported versions that are affected are 8.0.28 and prior.

CVE-2022-21592 Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior.

CVE-2022-21635 Supported versions that are affected are 8.0.29 and prior.

CVE-2022-21638 Supported versions that are affected are 8.0.29 and prior.

CVE-2022-21641 Supported versions that are affected are 8.0.29 and prior.

CVE-2022-2097 Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

CVE-2022-21608 Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior.

CVE-2022-21617 Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior.

CVE-2022-21594 Supported versions that are affected are 8.0.30 and prior.

CVE-2022-21599 Supported versions that are affected are 8.0.30 and prior.

CVE-2022-21604 Supported versions that are affected are 8.0.30 and prior.

CVE-2022-21611 Supported versions that are affected are 8.0.30.

CVE-2022-21625 Supported versions that are affected are 8.0.30 and prior.

CVE-2022-21632 Supported versions that are affected are 8.0.30 and prior.

CVE-2022-21633 Supported versions that are affected are 8.0.30 and prior.

CVE-2022-21637 Supported versions that are affected are 8.0.30 and prior.

CVE-2022-21640 Supported versions that are affected are 8.0.30 and prior.

CVE-2022-39400 Supported versions that are affected are 8.0.30 and prior.

CVE-2022-39408 Supported versions that are affected are 8.0.30 and prior.

CVE-2022-39410 Supported versions that are affected are 8.0.30 and prior.
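
To triage a server against the list above, the following added example (not part of the original article or any Broadcom or Oracle tooling) parses advisory lines in the format used here and reports which CVEs cover a given `SELECT VERSION()` string. It assumes that "and prior" applies only within the same release series (5.7.x or 8.0.x) and that an entry without "and prior" means that exact release; the function names are hypothetical and the embedded lines are a subset of the list.

```python
import re

# Subset of this article's "Additional Information" lines, copied verbatim.
ADVISORY = """\
CVE-2022-21589 Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior.
CVE-2022-21600 Supported versions that are affected are 8.0.27 and prior.
CVE-2022-21592 Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior.
CVE-2022-2097  Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
CVE-2022-21608 Supported versions that are affected are 5.7.39 and prior and 8.0.30 and prior.
CVE-2022-21611 Supported versions that are affected are 8.0.30
CVE-2022-39410 Supported versions that are affected are 8.0.30 and prior.
"""

# One listed release, optionally followed by "and prior".
RANGE = re.compile(r"(\d+)\.(\d+)\.(\d+)( and prior)?")

def parse_advisory(text):
    """Return {cve: [((major, minor, patch), and_prior), ...]} for MySQL entries."""
    rules = {}
    for line in text.splitlines():
        cve, _, rest = line.partition(" ")
        if not cve.startswith("CVE-") or "Supported versions" not in rest:
            continue  # the OpenSSL entry uses a different format and is skipped
        rules[cve] = [(tuple(map(int, m.groups()[:3])), bool(m.group(4)))
                      for m in RANGE.finditer(rest)]
    return rules

def server_version(banner):
    """Extract (major, minor, patch) from a SELECT VERSION() string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no MySQL version in {banner!r}")
    return tuple(map(int, m.groups()))

def affected_cves(banner, rules):
    """CVEs whose listed release covers this version (assumption: same series only)."""
    ver = server_version(banner)
    hits = []
    for cve, ceilings in rules.items():
        for ceiling, and_prior in ceilings:
            same_series = ver[:2] == ceiling[:2]  # 5.7.x is checked only against 5.7 entries
            if same_series and (ver == ceiling or (and_prior and ver < ceiling)):
                hits.append(cve)
                break
    return sorted(hits)
```
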