CVE-2022-22483

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/225979	VDB Entry Vendor Advisory
https://security.netapp.com/advisory/ntap-20230921-0004/
https://www.ibm.com/support/pages/node/6618779	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/225979	VDB Entry Vendor Advisory
https://security.netapp.com/advisory/ntap-20230921-0004/
https://www.ibm.com/support/pages/node/6618779	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:db2:9.7.0.0:::::linux::
	cpe:2.3:a:ibm:db2:9.7.0.0:::::unix::
	cpe:2.3:a:ibm:db2:9.7.0.0:::::windows::
	cpe:2.3:a:ibm:db2:10.1:::::linux::
	cpe:2.3:a:ibm:db2:10.1:::::unix::
	cpe:2.3:a:ibm:db2:10.1:::::windows::
	cpe:2.3:a:ibm:db2:10.5:::::linux::
	cpe:2.3:a:ibm:db2:10.5:::::unix::
	cpe:2.3:a:ibm:db2:10.5:::::windows::
	cpe:2.3:a:ibm:db2:11.1:::::linux::
	cpe:2.3:a:ibm:db2:11.1:::::unix::
	cpe:2.3:a:ibm:db2:11.1:::::windows::
	cpe:2.3:a:ibm:db2:11.5:::::linux::
	cpe:2.3:a:ibm:db2:11.5:::::unix::
	cpe:2.3:a:ibm:db2:11.5:::::windows::

OR	cpe:2.3:o:hp:hp-ux:-:::::::*
	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:oracle:solaris:-::::::-:

History

No history.

Information

Published : 2022-09-13 21:15

Updated : 2024-11-21 06:46

NVD link : CVE-2022-22483

Mitre link : CVE-2022-22483

CVE.ORG link : CVE-2022-22483

JSON object : View

Products Affected

oracle

solaris

ibm

db2
aix

hp

hp-ux

linux

linux_kernel

microsoft

windows

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2022-22483", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-09-13T21:15:09.107", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225979", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://security.netapp.com/advisory/ntap-20230921-0004/", "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6618779", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225979", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20230921-0004/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/6618779", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979."}, {"lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una divulgaci\u00f3n de informaci\u00f3n en algunos escenarios debido a un acceso no autorizado causado por una administraci\u00f3n de privilegios inapropiada cuando es usado el comando CREATE OR REPLACE. IBM X-Force ID: 225979"}], "lastModified": "2024-11-21T06:46:52.733", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "B086C74D-FD81-4032-9F70-290CE183B0E0"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:unix:*:*", "vulnerable": true, "matchCriteriaId": "78D395FE-473A-44D1-A2E5-451111B36255"}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "316E63FD-A22E-42DC-BF9F-DA0B932C3384"}, {"criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "719EC236-1B9A-4D32-AE10-E092AA0673FE"}, {"criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:unix:*:*", "vulnerable": true, "matchCriteriaId": "837A367A-5376-402B-8584-F1D93392AC04"}, {"criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "34F92819-22F3-451A-94D8-1112D426BD17"}, {"criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE"}, {"criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "vulnerable": true, "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E"}, {"criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122"}, {"criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376"}, {"criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "vulnerable": true, "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B"}, {"criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615"}, {"criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA"}, {"criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "vulnerable": true, "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58"}, {"criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C"}, {"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}, {"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "vulnerable": false, "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}