Jan 05, 2023 - 11:01 p.m.

Security Bulletin: Vulnerabilities in IBM Db2 may affect IBM Spectrum Protect Server (CVE-2022-22483, CVE-2022-35637)

2023-01-05 23:01:02
www.ibm.com
ibm spectrum protect server
ibm db2
denial of service
information disclosure
vulnerabilities
cve-2022-22483
cve-2022-35637

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low
Percentile: 43.8%

Summary

IBM Spectrum Protect Server may be affected by vulnerabilities in IBM Db2 such as denial of service and information disclosure.

Vulnerability Details

**CVEID:** CVE-2022-22483
**DESCRIPTION:** IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225979 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

**CVEID:** CVE-2022-35637
**DESCRIPTION:** IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230823 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Spectrum Protect Server | 8.1.0.000-8.1.16.100 |

Remediation/Fixes

| IBM Spectrum Protect Server Affected Releases | Fixing Level | Platform | Link to Fix and Instructions |
| --- | --- | --- | --- |
| 8.1.0.000-8.1.16.100 | 8.1.17.000 | AIX, Linux, Windows | <https://www.ibm.com/support/pages/node/6833512> |

Workarounds and Mitigations

None

Affected configurations

Vulners

Node: ibm spectrum_protect Match 8.1.17

| CPE Name | Operator | Version |
| --- | --- | --- |
| ibm spectrum protect | eq | 8.1.17 |
