Search criteria
4 vulnerabilities found for big_sql by ibm
CVE-2024-35160 (GCVE-0-2024-35160)
Vulnerability from nvd – Published: 2024-11-23 13:48 – Updated: 2024-11-24 12:30
VLAI?
Title
IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
Severity ?
4.3 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Watson Query for Cloud Pak for Data |
Affected:
1.8, 2.0, 2.1, 2.2
cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-24T12:30:09.564089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-24T12:30:18.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Watson Query for Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.8, 2.0, 2.1, 2.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Db2 Big SQL on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.3, 7.4, 7.5, 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data 1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.8, 2.0, 2.1, 2.2\u003c/span\u003e\u0026nbsp;and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user to obtain sensitive information due to insufficient session expiration.\u003c/span\u003e"
}
],
"value": "IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2\u00a0and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u00a0could allow an authenticated user to obtain sensitive information due to insufficient session expiration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T13:48:16.110Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7168703"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7176947"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35160",
"datePublished": "2024-11-23T13:48:16.110Z",
"dateReserved": "2024-05-09T16:27:47.448Z",
"dateUpdated": "2024-11-24T12:30:18.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22353 (GCVE-0-2022-22353)
Vulnerability from nvd – Published: 2022-03-14 17:00 – Updated: 2024-09-16 16:22
VLAI?
Summary
IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Big SQL on Cloud Pak for Data |
Affected:
7.1.0
Affected: 7.1.1 Affected: 7.2.0 Affected: 7.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:54.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6563021"
},
{
"name": "ibm-bigsql-cve202222353-info-disc (220480)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220480"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Big SQL on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.3"
}
]
}
],
"datePublic": "2022-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/A:N/C:H/AC:H/PR:L/S:U/I:N/UI:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T17:00:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6563021"
},
{
"name": "ibm-bigsql-cve202222353-info-disc (220480)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220480"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-11T00:00:00",
"ID": "CVE-2022-22353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Big SQL on Cloud Pak for Data",
"version": {
"version_data": [
{
"version_value": "7.1.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.2.0"
},
{
"version_value": "7.2.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6563021",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6563021 (Big SQL on Cloud Pak for Data)",
"url": "https://www.ibm.com/support/pages/node/6563021"
},
{
"name": "ibm-bigsql-cve202222353-info-disc (220480)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220480"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22353",
"datePublished": "2022-03-14T17:00:25.751510Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T16:22:27.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35160 (GCVE-0-2024-35160)
Vulnerability from cvelistv5 – Published: 2024-11-23 13:48 – Updated: 2024-11-24 12:30
VLAI?
Title
IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure
Summary
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration.
Severity ?
4.3 (Medium)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Watson Query for Cloud Pak for Data |
Affected:
1.8, 2.0, 2.1, 2.2
cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-24T12:30:09.564089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-24T12:30:18.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:watson_query_with_cloud_pak_for_data_as_a_service:2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:big_sql:7.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Watson Query for Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.8, 2.0, 2.1, 2.2"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Db2 Big SQL on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.3, 7.4, 7.5, 7.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data 1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.8, 2.0, 2.1, 2.2\u003c/span\u003e\u0026nbsp;and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an authenticated user to obtain sensitive information due to insufficient session expiration.\u003c/span\u003e"
}
],
"value": "IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2\u00a0and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6\u00a0could allow an authenticated user to obtain sensitive information due to insufficient session expiration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T13:48:16.110Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7168703"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7176947"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-35160",
"datePublished": "2024-11-23T13:48:16.110Z",
"dateReserved": "2024-05-09T16:27:47.448Z",
"dateUpdated": "2024-11-24T12:30:18.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22353 (GCVE-0-2022-22353)
Vulnerability from cvelistv5 – Published: 2022-03-14 17:00 – Updated: 2024-09-16 16:22
VLAI?
Summary
IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Big SQL on Cloud Pak for Data |
Affected:
7.1.0
Affected: 7.1.1 Affected: 7.2.0 Affected: 7.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:54.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6563021"
},
{
"name": "ibm-bigsql-cve202222353-info-disc (220480)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220480"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Big SQL on Cloud Pak for Data",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.3"
}
]
}
],
"datePublic": "2022-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/A:N/C:H/AC:H/PR:L/S:U/I:N/UI:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T17:00:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6563021"
},
{
"name": "ibm-bigsql-cve202222353-info-disc (220480)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220480"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-11T00:00:00",
"ID": "CVE-2022-22353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Big SQL on Cloud Pak for Data",
"version": {
"version_data": [
{
"version_value": "7.1.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.2.0"
},
{
"version_value": "7.2.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6563021",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6563021 (Big SQL on Cloud Pak for Data)",
"url": "https://www.ibm.com/support/pages/node/6563021"
},
{
"name": "ibm-bigsql-cve202222353-info-disc (220480)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220480"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22353",
"datePublished": "2022-03-14T17:00:25.751510Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T16:22:27.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}