fkie_nvd - fkie_cve-2022-43927

fkie_cve-2022-43927

Vulnerability from fkie_nvd

Published

2023-02-17 17:15

Modified

2024-11-21 07:27

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/241671	VDB Entry, Vendor Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/6953759	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/241671	VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/6953759	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	10.5
ibm	db2	11.1
ibm	db2	11.1
ibm	db2	11.1
ibm	db2	11.5
ibm	db2	11.5
ibm	db2	11.5
hp	hp-ux	-
ibm	aix	-
linux	linux_kernel	-
microsoft	windows	-
oracle	solaris	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*",
              "matchCriteriaId": "C9AB7540-A007-4554-A0E6-F75FDECB41FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*",
              "matchCriteriaId": "E48B9069-E7BD-480F-90B3-3791D5D2E79E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*",
              "matchCriteriaId": "9A04E067-F41C-494B-B59A-92B9FA001122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*",
              "matchCriteriaId": "A2ED357E-CBC6-454F-9B9E-E98E9A139376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*",
              "matchCriteriaId": "33D92200-08A1-42F4-98B8-52584342C18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*",
              "matchCriteriaId": "A49F8B60-EAC8-46B6-9F48-6C877E41D615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*",
              "matchCriteriaId": "42CB728E-ECA8-40DE-83E7-8AF390AA61FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*",
              "matchCriteriaId": "9105BCAD-F2C6-4568-B497-D72424753B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*",
              "matchCriteriaId": "ADF7E611-0330-437D-9535-B710EC2FDA00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used.  IBM X-Force ID:  241671."
    },
    {
      "lang": "es",
      "value": "IBM Db2 para Linux, UNIX y Windows 10.5, 11.1 y 11.5 es vulnerable a la divulgaci\u00f3n de informaci\u00f3n debido a una gesti\u00f3n inadecuada de privilegios cuando se utiliza un acceso a tablas especialmente manipulado. ID de IBM X-Force: 241671."
    }
  ],
  "id": "CVE-2022-43927",
  "lastModified": "2024-11-21T07:27:22.227",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-17T17:15:11.333",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241671"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6953759"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/241671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6953759"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-43927 (GCVE-0-2022-43927)

Vulnerability from cvelistv5

Published

2023-02-17 16:51

Modified

2025-03-18 15:44

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor