CVE-2022-22483Improper Privilege Management in IBM DB2

CWE-269Improper Privilege ManagementCWE-668Resource Exposure4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 47.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedSep 13
Latest updateMar 3

Description

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDibm/db25 versions+4

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

3
OSV
cmark-gfm vulnerabilities2025-03-03
GHSA
GHSA-v9c6-wxq5-v85x: IBM Db2 for Linux, UNIX and Windows 92022-09-14
CVEList
CVE-2022-22483: IBM Db2 for Linux, UNIX and Windows 92022-09-13
CVE-2022-22483 — Improper Privilege Management in IBM | cvebase