CVE-2022-21363
Description
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A difficult-to-exploit vulnerability in MySQL Connector/J 8.0.27 and prior allows a high-privileged attacker to take over the connector.
Vulnerability
Vulnerability in MySQL Connector/J, versions 8.0.27 and prior, allows a high-privileged attacker with network access via multiple protocols to compromise the connector [1]. The specific root cause is not detailed in the public reference.
Exploitation
Exploitation requires high privileges (e.g., database administrator) and network access via multiple protocols. The vulnerability is rated as difficult to exploit (AC:H) and does not require user interaction [1].
Impact
Successful exploitation results in full takeover of MySQL Connectors, leading to compromise of confidentiality, integrity, and availability (CVSS 6.6, High) [1].
Mitigation
Affected versions: 8.0.27 and prior. The provided reference [1] does not include details of a fixed version or workaround. Users should monitor Oracle's Critical Patch Update advisories for a patch.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mysql:mysql-connector-javaMaven | < 8.0.28 | 8.0.28 |
Affected products
2- Oracle Corporation/MySQL Connectorsv5Range: 8.0.27 and prior
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-g76j-4cxx-23h9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-21363ghsaADVISORY
- www.oracle.com/security-alerts/cpujan2022.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.