Rewterz Threat Alert – APT29 Cozy Bear – Active IOCs
July 25, 2022Rewterz Threat Advisory – CVE-2022-22280 – SonicWall Global Management System (GMS) and Analytics Vulnerability
July 26, 2022Rewterz Threat Alert – APT29 Cozy Bear – Active IOCs
July 25, 2022Rewterz Threat Advisory – CVE-2022-22280 – SonicWall Global Management System (GMS) and Analytics Vulnerability
July 26, 2022Severity
Medium
Analysis Summary
CVE-2022-21531 CVSS:4.9
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21530 CVSS:4.9
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21529 CVSS:4.9
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21528 CVSS:5.5
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVE-2022-21527 CVSS:5.5
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact.
CVE-2022-21526 CVSS:4.9
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21525 CVSS:4.9
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21522 CVSS:4.4
An unspecified vulnerability in Oracle MySQL Server related to the Server: Stored Procedure component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21519 CVSS:5.9
An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21517 CVSS:4.9
An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2022-21515 CVSS:4.9
An unspecified vulnerability in Oracle MySQL Server related to the Server: Options component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
Impact
- Denial of Service
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2022-21531
- CVE-2022-21530
- CVE-2022-21529
- CVE-2022-21528
- CVE-2022-21527
- CVE-2022-21526
- CVE-2022-21525
- CVE-2022-21522
- CVE-2022-21519
- CVE-2022-21517
- CVE-2022-21515
Affected Vendors
Oracle
Affected Products
- Oracle MySQL Server 8.0.29
- Oracle MySQL Server 5.7.38
Remediation
Refer to Oracle Security Advisory for patch, upgrade or suggested workaround information.
Oracle Security Advisory