Lucene search

IBM6E2195DB1D22DAC6DB711485026A86E085CBACC1EEC763CB6D98D6860CEEFBFD

HistoryJul 28, 2022 - 8:25 p.m.

Security Bulletin: IBM Db2® Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2®

2022-07-2820:25:09

www.ibm.com

ibm

db2 warehouse

vulnerabilities

fix

versions 9.7

10.1

10.5

11.1

11.5

update

remediation

ibm dashdb local

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

45.9%

JSON

Summary

IBM has released the following fix for IBM Db2® Warehouse in response to multiple vulnerabilities found in IBM Db2®.

Vulnerability Details

CVEID:CVE-2022-22389
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221970 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-22390
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221973 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM dashDB Local	All

Remediation/Fixes

Update your implementation to IBM Db2 Warehouse v11.5.7.0-CN5 or later. For information about how to update, see the following topics:

<https://www.ibm.com/docs/en/db2-warehouse?topic=warehouse-updating-db2>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmdashdb_localMatchany

VendorProductVersionCPE
ibmdashdb_localanycpe:2.3:a:ibm:dashdb_local:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	dashdb_local	any	cpe:2.3:a:ibm:dashdb_local:any:::::::*

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

45.9%

JSON

Related for 6E2195DB1D22DAC6DB711485026A86E085CBACC1EEC763CB6D98D6860CEEFBFD