CVE-2022-22483 - OpenCVE

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Oracle	Solaris
Microsoft	Windows
Ibm	Aix Db2
Linux	Linux Kernel
Hp	Hp-ux

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:db2:9.7.0.0:::::linux::
	cpe:2.3:a:ibm:db2:9.7.0.0:::::unix::
	cpe:2.3:a:ibm:db2:9.7.0.0:::::windows::
	cpe:2.3:a:ibm:db2:10.1:::::linux::
	cpe:2.3:a:ibm:db2:10.1:::::unix::
	cpe:2.3:a:ibm:db2:10.1:::::windows::
	cpe:2.3:a:ibm:db2:10.5:::::linux::
	cpe:2.3:a:ibm:db2:10.5:::::unix::
	cpe:2.3:a:ibm:db2:10.5:::::windows::
	cpe:2.3:a:ibm:db2:11.1:::::linux::
	cpe:2.3:a:ibm:db2:11.1:::::unix::
	cpe:2.3:a:ibm:db2:11.1:::::windows::
	cpe:2.3:a:ibm:db2:11.5:::::linux::
	cpe:2.3:a:ibm:db2:11.5:::::unix::
	cpe:2.3:a:ibm:db2:11.5:::::windows::

OR	cpe:2.3:o:hp:hp-ux:-:::::::*
	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:oracle:solaris:-::::::-:

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/225979	VDB Entry Vendor Advisory
https://security.netapp.com/advisory/ntap-20230921-0004/
https://www.ibm.com/support/pages/node/6618779	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2022-09-13T00:00:00

Updated: 2023-09-21T16:06:15.731833

Reserved: 2022-01-03T00:00:00

Link: CVE-2022-22483

JSON object: View

NVD Information

Status : Modified

Published: 2022-09-13T21:15:09.107

Modified: 2023-09-21T17:15:09.930

Link: CVE-2022-22483

JSON object: View

Redhat Information

No data.

CWE

CWE-269

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:linux:*:*", "matchCriteriaId": "B086C74D-FD81-4032-9F70-290CE183B0E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:unix:*:*", "matchCriteriaId": "78D395FE-473A-44D1-A2E5-451111B36255", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:windows:*:*", "matchCriteriaId": "316E63FD-A22E-42DC-BF9F-DA0B932C3384", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:linux:*:*", "matchCriteriaId": "719EC236-1B9A-4D32-AE10-E092AA0673FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:unix:*:*", "matchCriteriaId": "837A367A-5376-402B-8584-F1D93392AC04", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:windows:*:*", "matchCriteriaId": "34F92819-22F3-451A-94D8-1112D426BD17", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false}, {"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}, {"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979."}, {"lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una divulgaci\u00f3n de informaci\u00f3n en algunos escenarios debido a un acceso no autorizado causado por una administraci\u00f3n de privilegios inapropiada cuando es usado el comando CREATE OR REPLACE. IBM X-Force ID: 225979"}], "id": "CVE-2022-22483", "lastModified": "2023-09-21T17:15:09.930", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-13T21:15:09.107", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225979"}, {"source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230921-0004/"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6618779"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}