CVE-2022-22390 - OpenCVE

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Db2
Linux	Linux Kernel
Microsoft	Windows
Opengroup	Unix

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:db2:9.7:::::::*
	cpe:2.3:a:ibm:db2:10.1:::::::*
	cpe:2.3:a:ibm:db2:10.5:::::::*
	cpe:2.3:a:ibm:db2:11.1:::::::*
	cpe:2.3:a:ibm:db2:11.5:::::::*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:opengroup:unix:-:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/221973
https://security.netapp.com/advisory/ntap-20220729-0007/
https://www.ibm.com/support/pages/node/6597993

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2022-06-24T16:45:19.526105Z

Updated: 2024-09-16T16:43:54.489Z

Reserved: 2022-01-03T00:00:00

Link: CVE-2022-22390

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-24T17:15:08.563

Modified: 2022-10-28T22:41:34.657

Link: CVE-2022-22390

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "DB2 for Linux, UNIX and Windows", "vendor": "IBM", "versions": [{"status": "affected", "version": "10.5"}, {"status": "affected", "version": "10.1"}, {"status": "affected", "version": "9.7"}, {"status": "affected", "version": "11.1"}, {"status": "affected", "version": "11.5"}]}], "datePublic": "2022-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 5.4, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AC:L/PR:N/UI:N/A:N/C:H/I:N/S:U/AV:L/RC:C/E:U/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-29T19:07:39", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6597993"}, {"name": "ibm-db2-cve202222390-info-disc (221973)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20220729-0007/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2022-06-23T00:00:00", "ID": "CVE-2022-22390", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DB2 for Linux, UNIX and Windows", "version": {"version_data": [{"version_value": "10.5"}, {"version_value": "10.1"}, {"version_value": "9.7"}, {"version_value": "11.1"}, {"version_value": "11.5"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "L", "C": "H", "I": "N", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6597993", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6597993 (DB2 for Linux, UNIX and Windows)", "url": "https://www.ibm.com/support/pages/node/6597993"}, {"name": "ibm-db2-cve202222390-info-disc (221973)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973"}, {"name": "https://security.netapp.com/advisory/ntap-20220729-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220729-0007/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:14:54.684Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6597993"}, {"name": "ibm-db2-cve202222390-info-disc (221973)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20220729-0007/"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2022-22390", "datePublished": "2022-06-24T16:45:19.526105Z", "dateReserved": "2022-01-03T00:00:00", "dateUpdated": "2024-09-16T16:43:54.489Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*", "matchCriteriaId": "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2952EB24-A015-4EC7-85E3-88588D0AB15B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC3F2DB-9AE2-4B11-A838-167E857D831D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "3977E313-6CD6-42E3-8936-B244CF8127B6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}, {"criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973."}, {"lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, puede ser vulnerable a una divulgaci\u00f3n de informaci\u00f3n causada por una administraci\u00f3n inapropiada de privilegios cuando es usada la funci\u00f3n de tabla. IBM X-Force ID: 221973"}], "id": "CVE-2022-22390", "lastModified": "2022-10-28T22:41:34.657", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-24T17:15:08.563", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220729-0007/"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6597993"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}