The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January and October 2022 CPU advisories.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are     affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access     via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover     of MySQL Server. (CVE-2022-21600)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling (cURL)). Supported versions     that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks     of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server     accessible data. (CVE-2021-22946)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported     versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged     attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this     vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete     DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server     accessible data. (CVE-2022-21351)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle MySQL Server (Jan 2022 CPU)

high Nessus Plugin ID 156908

Version 1.13

Version 1.12

Version 1.11

Version 1.10

Version 1.10

Version 1.9

Version 1.8

Version 1.7

Version 1.13 Apr 18, 2025, 9:45 PM Detection (allow combined detections) Plugin Feed: 202504182145
Version 1.12 Nov 21, 2023, 1:14 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202311210114
Version 1.11 Oct 21, 2023, 3:09 AM IAVM reference Plugin Feed: 202310210309
Version 1.10 Jul 21, 2023, 12:09 PM IAVM reference Plugin Feed: 202307211209
Version 1.10 Oct 21, 2023, 1:17 AM IAVM reference Plugin Feed: 202310210117
Version 1.9 Jul 19, 2023, 6:07 PM CVE (Added "CVE-2023-22007" to "CVE" coverage) Plugin Feed: 202307191807
Version 1.8 Oct 21, 2022, 5:04 PM CVSS metrics CVSS temporal metrics CVSSv2 score source (Changed from CVE-2022-21600 to CVE-2022-21368) CVSSv2 severity (Based on CVE-2022-21368 severity decreased from High to Medium) CVSSv3 score source (Changed from None to CVE-2021-22946) Plugin Feed: 202210211704
Version 1.7 Oct 20, 2022, 1:54 PM CVE Plugin Feed: 202210201354