IBM20220624-124117

Added CVE-2022-22390, CVE-2022-22389
2025-06-10 02:04:31 +00:00 · 2022-06-24 12:41:17 -04:00 · 2022-06-24 12:41:17 -04:00 · b2d150345c
commit b2d150345c
parent 50f307b797
2 changed files with 198 additions and 30 deletions
--- a/2022/22xxx/CVE-2022-22389.json
+++ b/2022/22xxx/CVE-2022-22389.json
@ -1,18 +1,102 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-22389",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "product" : {
+                  "product_data" : [
+                     {
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "10.5"
+                              },
+                              {
+                                 "version_value" : "10.1"
+                              },
+                              {
+                                 "version_value" : "9.7"
+                              },
+                              {
+                                 "version_value" : "11.1"
+                              },
+                              {
+                                 "version_value" : "11.5"
+                              }
+                           ]
+                        },
+                        "product_name" : "DB2 for Linux, UNIX and Windows"
+                     }
+                  ]
+               },
+               "vendor_name" : "IBM"
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user.  IBM X-Force ID:  2219740."
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "title" : "IBM Security Bulletin 6598047 (DB2 for Linux, UNIX and Windows)",
+            "name" : "https://www.ibm.com/support/pages/node/6598047",
+            "url" : "https://www.ibm.com/support/pages/node/6598047",
+            "refsource" : "CONFIRM"
+         },
+         {
+            "title" : "X-Force Vulnerability Report",
+            "name" : "ibm-db2-cve202222389-dos (221970)",
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/221970",
+            "refsource" : "XF"
+         }
+      ]
+   },
+   "data_format" : "MITRE",
+   "impact" : {
+      "cvssv3" : {
+         "BM" : {
+            "SCORE" : "6.500",
+            "UI" : "N",
+            "PR" : "L",
+            "AC" : "L",
+            "A" : "H",
+            "C" : "N",
+            "AV" : "N",
+            "S" : "U",
+            "I" : "N"
+         },
+         "TM" : {
+            "RL" : "O",
+            "E" : "U",
+            "RC" : "C"
+         }
+      }
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "Denial of Service"
+               }
+            ]
+         }
+      ]
+   },
+   "CVE_data_meta" : {
+      "STATE" : "PUBLIC",
+      "ID" : "CVE-2022-22389",
+      "ASSIGNER" : "psirt@us.ibm.com",
+      "DATE_PUBLIC" : "2022-06-23T00:00:00"
+   }
+}
--- a/2022/22xxx/CVE-2022-22390.json
+++ b/2022/22xxx/CVE-2022-22390.json
@ -1,18 +1,102 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-22390",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "DB2 for Linux, UNIX and Windows",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "10.5"
+                              },
+                              {
+                                 "version_value" : "10.1"
+                              },
+                              {
+                                 "version_value" : "9.7"
+                              },
+                              {
+                                 "version_value" : "11.1"
+                              },
+                              {
+                                 "version_value" : "11.5"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "IBM"
            }
-        ]
-    }
-}
+         ]
+      }
+   },
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "value" : "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used.  IBM X-Force ID:  221973.",
+            "lang" : "eng"
+         }
+      ]
+   },
+   "data_format" : "MITRE",
+   "references" : {
+      "reference_data" : [
+         {
+            "refsource" : "CONFIRM",
+            "url" : "https://www.ibm.com/support/pages/node/6597993",
+            "name" : "https://www.ibm.com/support/pages/node/6597993",
+            "title" : "IBM Security Bulletin 6597993 (DB2 for Linux, UNIX and Windows)"
+         },
+         {
+            "title" : "X-Force Vulnerability Report",
+            "name" : "ibm-db2-cve202222390-info-disc (221973)",
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973",
+            "refsource" : "XF"
+         }
+      ]
+   },
+   "impact" : {
+      "cvssv3" : {
+         "TM" : {
+            "RC" : "C",
+            "E" : "U",
+            "RL" : "O"
+         },
+         "BM" : {
+            "AC" : "L",
+            "PR" : "N",
+            "UI" : "N",
+            "SCORE" : "6.200",
+            "A" : "N",
+            "C" : "H",
+            "I" : "N",
+            "S" : "U",
+            "AV" : "L"
+         }
+      }
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "value" : "Obtain Information",
+                  "lang" : "eng"
+               }
+            ]
+         }
+      ]
+   },
+   "CVE_data_meta" : {
+      "DATE_PUBLIC" : "2022-06-23T00:00:00",
+      "ASSIGNER" : "psirt@us.ibm.com",
+      "ID" : "CVE-2022-22390",
+      "STATE" : "PUBLIC"
+   }
+}