PT-2022-5282 · Mysql Server · Mysql Installer

Ycdxsb · Published 2022-10-18 · Updated 2022-10-20 · CVE-2022-39404

CVSS v2.0: 4.3 Medium
Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: MySQL Installer versions 1.6.3 and prior

Description: The issue allows a low-privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of MySQL Installer's accessible data, as well as unauthorized read access to a subset of MySQL Installer's accessible data. Additionally, it can cause a partial denial of service (partial DOS) of MySQL Installer.

Recommendations: For versions 1.6.3 and prior, update to a version later than 1.6.3 to resolve the issue. As a temporary workaround, consider restricting access to the MySQL Installer to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2022-06566
CVE-2022-39404

Affected Products

Mysql Installer