CVE-2022-22483
MEDIUM
IBM Db2 9.7, 10.1, 10.5, 11.1, 11.5 - Unauthorized Information Disclosure via CREATE OR REPLACE Command
Title source: llm
Description
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when the CREATE OR REPLACE command is used. IBM X-Force ID: 225979.
References (3)
Core References
VDB Entry, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/225979
Patch, Vendor Advisory
https://www.ibm.com/support/pages/node/6618779
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230921-0004/
Scores
CVSS v3
6.5
EPSS
0.0029
EPSS Percentile
52.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-269
Status
published
Products (5)
ibm/db2
9.7.0.0 (3 CPE variants)
ibm/db2
10.1 (3 CPE variants)
ibm/db2
10.5 (3 CPE variants)
ibm/db2
11.1 (3 CPE variants)
ibm/db2
11.5 (3 CPE variants)
Published
Sep 13, 2022
Tracked Since
Feb 18, 2026