Lucene search

K
cve[email protected]CVE-2022-22483
HistorySep 13, 2022 - 9:15 p.m.

CVE-2022-22483

2022-09-1321:15:09
CWE-269
web.nvd.nist.gov
32
6
ibm
db2
linux
unix
windows
information disclosure
privilege management
cve-2022-22483
nvd
vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.1%

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.

Affected configurations

Vulners
NVD
Node
ibmdb2Match10.5
OR
ibmdb2Match10.1
OR
ibmdb2Match9.7
OR
ibmdb2Match11.1
OR
ibmdb2Match11.5
VendorProductVersionCPE
ibmdb210.5cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
ibmdb210.1cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
ibmdb29.7cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
ibmdb211.1cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*
ibmdb211.5cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "IBM",
    "product": "DB2 for Linux, UNIX and Windows",
    "versions": [
      {
        "version": "10.5",
        "status": "affected"
      },
      {
        "version": "10.1",
        "status": "affected"
      },
      {
        "version": "9.7",
        "status": "affected"
      },
      {
        "version": "11.1",
        "status": "affected"
      },
      {
        "version": "11.5",
        "status": "affected"
      }
    ]
  }
]

Social References

More

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.1%

Related for CVE-2022-22483