| Vulnerability Name: | CVE-2022-22389 (CCN-221970) |
| Assigned: | 2022-06-23 |
| Published: | 2022-06-23 |
| Updated: | 2022-10-28 |
| Summary: | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.
|
| CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): High |
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): High |
|
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance | | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial |
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-89
|
| Vulnerability Consequences: | Denial of Service |
| References: | Source: MITRE
Type: CNA
CVE-2022-22389
Source: XF
Type: UNKNOWN
ibm-db2-cve202222389-dos(221970)
Source: XF
Type: VDB Entry, Vendor Advisory
ibm-db2-cve202222389-dos (221970)
Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220729-0007/
Source: CCN
Type: IBM Security Bulletin 6598047 (DB2 for Linux, UNIX and Windows)
IBM Db2 is vulnerable to a denial of service (CVE-2022-22389)
Source: CONFIRM
Type: Vendor Advisory
https://www.ibm.com/support/pages/node/6598047
Source: CCN
Type: IBM Security Bulletin 6607890 (DashDB Local)
IBM Db2 Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2
Source: CCN
Type: IBM Security Bulletin 6611649 (PureData System for Operational Analytics)
Multiple security vulnerabilities has been identified in IBM DB2 shipped with IBM PureData System for Operational Analytics
Source: CCN
Type: IBM Security Bulletin 6618709 (Intelligent Operations Center)
Multiple vulnerabilities found in IBM DB2 which is shipped with IBM Intelligent Operations Center(CVE-2022-22389, CVE-2022-22390, CVE-2022-25313, CVE-2022-25236, CVE-2022-25235, CVE-2022-25314, CVE-2022-25315)
Source: CCN
Type: IBM Security Bulletin 6621115 (Spectrum Protect Server)
Vulnerabilities in IBM Db2, Golang Go, and Logback may affect the IBM Spectrum Protect Server (CVE-2022-30631, CVE-2022-30633, CVE-2022-1705, CVE-2022-22389, CVE-2022-22390, CVE-2021-42550, CVE-2022-30629)
Source: CCN
Type: IBM Security Bulletin 6832428 (Db2 On Openshift)
Multiple vulnerabilities affect IBM Db2 On Openshift, IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data
Source: CCN
Type: IBM Security Bulletin 6966330 (Cloud Pak System Software Suite)
Multiple vulnerabilities in IBM Db2 for Linux, UNIX and Windows affect Cloud Pak System (CVE-2022-22389, CVE-2022-22390)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:ibm:db2:10.1:*:*:*:*:-:*:*OR cpe:/a:ibm:db2:11.1:*:*:*:*:*:*:*OR cpe:/a:ibm:db2:9.7:*:*:*:*:*:*:*OR cpe:/a:ibm:db2:10.5:*:*:*:*:*:*:*OR cpe:/a:ibm:db2:11.5:*:*:*:*:-:*:*AND cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*OR cpe:/o:opengroup:unix:-:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:ibm:db2:10.5:*:*:*:*:linux:*:*OR cpe:/a:ibm:db2:10.5:*:*:*:*:unix:*:*OR cpe:/a:ibm:db2:10.5:*:*:*:*:windows:*:*OR cpe:/a:ibm:db2:10.1:*:*:*:*:linux:*:*OR cpe:/a:ibm:db2:10.1:*:*:*:*:unix:*:*OR cpe:/a:ibm:db2:10.1:*:*:*:*:windows:*:*OR cpe:/a:ibm:db2:9.7:*:*:*:*:linux:*:*OR cpe:/a:ibm:db2:9.7:*:*:*:*:unix:*:*OR cpe:/a:ibm:db2:9.7:*:*:*:*:windows:*:*OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:*OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:*OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:*OR cpe:/a:ibm:dashdb_local:1.0.0:*:*:*:*:*:*:*AND cpe:/a:ibm:intelligent_operations_center:5.1.0:*:*:*:*:*:*:*OR cpe:/a:ibm:intelligent_operations_center:5.1.0.2:*:*:*:*:*:*:*OR cpe:/a:ibm:intelligent_operations_center:5.1.0.3:*:*:*:*:*:*:*OR cpe:/a:ibm:intelligent_operations_center:5.1.0.4:*:*:*:*:*:*:*OR cpe:/a:ibm:intelligent_operations_center:5.1.0.6:*:*:*:*:*:*:*OR cpe:/a:ibm:intelligent_operations_center:5.2:*:*:*:*:*:*:*OR cpe:/a:ibm:intelligent_operations_center:5.2.1:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |