6.5

CVE-2022-22483

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.

Data is provided by the National Vulnerability Database (NVD)
IbmDb2 Version9.7.0.0 SwPlatformlinux
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version9.7.0.0 SwPlatformunix
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version9.7.0.0 SwPlatformwindows
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version10.1 SwPlatformlinux
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version10.1 SwPlatformunix
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version10.1 SwPlatformwindows
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version10.5 SwPlatformlinux
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version10.5 SwPlatformunix
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version10.5 SwPlatformwindows
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version11.1 SwPlatformlinux
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version11.1 SwPlatformunix
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version11.1 SwPlatformwindows
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version11.5 SwPlatformlinux
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version11.5 SwPlatformunix
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
IbmDb2 Version11.5 SwPlatformwindows
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
   OracleSolaris Version- HwPlatform-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.1% 0.279
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
psirt@us.ibm.com 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.