CVE-2022-22483

Published Sep 13, 2022

Last updated a year ago

CVSS medium 6.5

Overview

Description: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 3.0

Type: Secondary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B086C74D-FD81-4032-9F70-290CE183B0E0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:unix:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78D395FE-473A-44D1-A2E5-451111B36255"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "316E63FD-A22E-42DC-BF9F-DA0B932C3384"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "719EC236-1B9A-4D32-AE10-E092AA0673FE"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:unix:*:*",
            "vulnerable": true,
            "matchCriteriaId": "837A367A-5376-402B-8584-F1D93392AC04"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34F92819-22F3-451A-94D8-1112D426BD17"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          },
          {
            "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
            "vulnerable": false,
            "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

Weaknesses

Social media

Configurations

References