Lucene search
HistoryDec 12, 2022 - 9:15 a.m.
CVE-2022-41296
ibm
db2u
cross-site request forgery
security vulnerability
unauthorized actions
x-force id
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
29.6%
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.
Affected configurations
Node
ibmdb2Match3.5-
ORibmdb2Match3.5refresh_10
ORibmdb2Match4.0-
ORibmdb2Match4.0refresh_9
ORibmdb2Match4.5-
ORibmdb2Match4.5refresh_3
ORibmdb2_warehouseMatch3.5-
ORibmdb2_warehouseMatch3.5refresh_10
ORibmdb2_warehouseMatch4.0-
ORibmdb2_warehouseMatch4.0refresh_9
ORibmdb2_warehouseMatch4.5-
ORibmdb2_warehouseMatch4.5refresh_3
Related
cve
cve
CVE-2022-41296
2022-12-12 09:15:12
cvelist
cvelist
CVE-2022-41296 IBM Db2U cross-site respect forgery
2022-12-01 17:24:48
cnvd
cnvd
IBM DB2 Cross-Site Request Forgery Vulnerability (CNVD-2023-00813)
2022-12-15 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-12-12 09:15:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
29.6%
Related for NVD:CVE-2022-41296