IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/225979 | VDB Entry Vendor Advisory |
https://security.netapp.com/advisory/ntap-20230921-0004/ | |
https://www.ibm.com/support/pages/node/6618779 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Sep 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 |
16 Sep 2022, 02:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:10.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.1:*:*:*:*:unix:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:db2:9.7.0.0:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.1:*:*:*:*:linux:*:* cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | CWE-668 | |
First Time |
Microsoft
Microsoft windows Hp Oracle Hp hp-ux Oracle solaris Ibm db2 Ibm Linux linux Kernel Linux Ibm aix |
|
References | (CONFIRM) https://www.ibm.com/support/pages/node/6618779 - Patch, Vendor Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/225979 - VDB Entry, Vendor Advisory |
13 Sep 2022, 21:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-13 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-22483
Mitre link : CVE-2022-22483
CVE.ORG link : CVE-2022-22483
JSON object : View
Products Affected
oracle
- solaris
ibm
- aix
- db2
linux
- linux_kernel
microsoft
- windows
hp
- hp-ux
CWE
CWE-269
Improper Privilege Management