fkie_nvd - fkie_cve-2022-22353

fkie_cve-2022-22353

Vulnerability from fkie_nvd

Published

2022-03-14 17:15

Modified

2024-11-21 06:46

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/220480	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6563021	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/220480	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6563021	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	big_sql	7.1.0
cloudera	data_platform	7.1.3
cloudera	data_platform	7.1.4
cloudera	data_platform	7.1.5
cloudera	data_platform	7.1.7
ibm	big_sql	7.1.1
ibm	cloud_pak_for_data	3.5
ibm	cloud_pak_for_data	3.5
ibm	cloud_pak_for_data	3.5
ibm	big_sql	*
ibm	cloud_pak_for_data	4.0
ibm	cloud_pak_for_data	4.0
ibm	cloud_pak_for_data	4.0
ibm	big_sql	7.2.3
ibm	cloud_pak_for_data	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:big_sql:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6280ECB3-44A0-4ABE-9649-ADCA36987041",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudera:data_platform:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "34D66F54-B5E4-4592-8D81-6F5FA5050AD2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:cloudera:data_platform:7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40696221-58E6-4007-A569-BC5CB092BCF9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:cloudera:data_platform:7.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CA8E30F-9528-4807-B724-33541DD483AF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:cloudera:data_platform:7.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4E786D-B883-4901-9AEE-D9CC00D066F2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:big_sql:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3499AC1D-FEB6-4E8D-8763-D6C41AE66E50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "74BA5C30-0041-4DE6-A673-EACFCCE3E759",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:3.5:refresh_1:*:*:*:*:*:*",
              "matchCriteriaId": "441ADAEA-7036-48A2-8272-6F3493075499",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:3.5:refresh_9:*:*:*:*:*:*",
              "matchCriteriaId": "0D9430C3-6D1E-46C2-A9F2-B416B266F10A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:big_sql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5710866-C865-4A15-88CA-E5CAA2CD1967",
              "versionEndIncluding": "7.2.3",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "89FB80EE-E435-4D86-82B1-4A5AC1D85245",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:4.0:refresh_1:*:*:*:*:*:*",
              "matchCriteriaId": "5428EB87-06D7-46E2-B8F5-CE01EF0C5C8A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:4.0:refresh_3:*:*:*:*:*:*",
              "matchCriteriaId": "E552B244-DF27-46A5-AB04-C1AF91877F0A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:big_sql:7.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02A88E8-BA33-498A-9517-62EF82BE0C02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:4.0:refresh_4:*:*:*:*:*:*",
              "matchCriteriaId": "F53C3054-B4D0-4626-81D1-B0406DFD8466",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480."
    },
    {
      "lang": "es",
      "value": "IBM Big SQL en IBM Cloud Pak for Data versiones 7.1.0, 7.1.1, 7.2.0 y 7.2.3, podr\u00eda permitir a un usuario autenticado con los permisos adecuados obtener informaci\u00f3n confidencial al omitir las reglas de enmascaramiento de datos mediante una sentencia CREATE TABLE SELECT. IBM X-Force ID: 220480"
    }
  ],
  "id": "CVE-2022-22353",
  "lastModified": "2024-11-21T06:46:41.287",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-14T17:15:07.993",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220480"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6563021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6563021"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-22353 (GCVE-0-2022-22353)

Vulnerability from cvelistv5

Published

2022-03-14 17:00

Modified

2024-09-16 16:22

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE

Obtain Information