CVE-2022-35637 - OpenCVE

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Hp-ux
Ibm	Aix Db2
Linux	Linux Kernel
Microsoft	Windows
Oracle	Solaris

Configuration 1 [-]

AND

OR	cpe:2.3:o:hp:hp-ux:-:::::::*
	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*
	cpe:2.3:o:oracle:solaris:-::::::-:

OR	cpe:2.3:a:ibm:db2:10.5:::::linux::
	cpe:2.3:a:ibm:db2:10.5:::::unix::
	cpe:2.3:a:ibm:db2:10.5:::::windows::
	cpe:2.3:a:ibm:db2:11.1:::::linux::
	cpe:2.3:a:ibm:db2:11.1:::::unix::
	cpe:2.3:a:ibm:db2:11.1:::::windows::
	cpe:2.3:a:ibm:db2:11.5:::::linux::
	cpe:2.3:a:ibm:db2:11.5:::::unix::
	cpe:2.3:a:ibm:db2:11.5:::::windows::

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/230823
https://security.netapp.com/advisory/ntap-20230921-0003/
https://www.ibm.com/support/pages/node/6618775

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2022-09-13T20:45:27.233996Z

Updated: 2024-09-16T19:40:50.184Z

Reserved: 2022-07-11T00:00:00

Link: CVE-2022-35637

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-13T21:15:09.303

Modified: 2023-09-21T17:15:14.740

Link: CVE-2022-35637

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-35637", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "dateUpdated": "2024-09-16T19:40:50.184Z", "dateReserved": "2022-07-11T00:00:00", "datePublished": "2022-09-13T20:45:27.233996Z"}, "containers": {"cna": {"datePublic": "2022-09-12T00:00:00", "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2023-09-21T16:06:14.219014"}, "descriptions": [{"lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823."}], "affected": [{"vendor": "IBM", "product": "DB2 for Linux, UNIX and Windows", "versions": [{"version": "10.5", "status": "affected"}, {"version": "11.1", "status": "affected"}, {"version": "11.5", "status": "affected"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/6618775"}, {"name": "ibm-db2-cve202235637-dos (230823)", "tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230823"}, {"url": "https://security.netapp.com/advisory/ntap-20230921-0003/"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/C:N/A:H/I:N/AV:N/UI:N/S:U/PR:L/AC:L/RL:O/RC:C/E:U", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "exploitCodeMaturity": "UNPROVEN", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "baseScore": 6.5, "temporalScore": 5.7, "baseSeverity": "MEDIUM", "temporalSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "description": "Denial of Service", "lang": "en"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:36:44.442Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/6618775", "tags": ["x_transferred"]}, {"name": "ibm-db2-cve202235637-dos (230823)", "tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230823"}, {"url": "https://security.netapp.com/advisory/ntap-20230921-0003/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false}, {"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}, {"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*", "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*", "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*", "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*", "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*", "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*", "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*", "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*", "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*", "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823."}, {"lang": "es", "value": "IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una denegaci\u00f3n de servicio tras introducir una sentencia SQL malformada en la herramienta Db2expln. IBM X-Force ID: 230823"}], "id": "CVE-2022-35637", "lastModified": "2023-09-21T17:15:14.740", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-13T21:15:09.303", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230823"}, {"source": "psirt@us.ibm.com", "url": "https://security.netapp.com/advisory/ntap-20230921-0003/"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6618775"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}