mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-08 22:18:22 +00:00
264 lines
7.9 KiB
JSON
264 lines
7.9 KiB
JSON
{
|
|
"id": "CVE-2022-22353",
|
|
"sourceIdentifier": "psirt@us.ibm.com",
|
|
"published": "2022-03-14T17:15:07.993",
|
|
"lastModified": "2022-03-22T14:40:36.893",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "IBM Big SQL en IBM Cloud Pak for Data versiones 7.1.0, 7.1.1, 7.2.0 y 7.2.3, podr\u00eda permitir a un usuario autenticado con los permisos adecuados obtener informaci\u00f3n confidencial al omitir las reglas de enmascaramiento de datos mediante una sentencia CREATE TABLE SELECT. IBM X-Force ID: 220480"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "psirt@us.ibm.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.6,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-noinfo"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:big_sql:7.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6280ECB3-44A0-4ABE-9649-ADCA36987041"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:a:cloudera:data_platform:7.1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "34D66F54-B5E4-4592-8D81-6F5FA5050AD2"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:a:cloudera:data_platform:7.1.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "40696221-58E6-4007-A569-BC5CB092BCF9"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:a:cloudera:data_platform:7.1.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6CA8E30F-9528-4807-B724-33541DD483AF"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:a:cloudera:data_platform:7.1.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2A4E786D-B883-4901-9AEE-D9CC00D066F2"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:big_sql:7.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3499AC1D-FEB6-4E8D-8763-D6C41AE66E50"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:3.5:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "74BA5C30-0041-4DE6-A673-EACFCCE3E759"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:3.5:refresh_1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "441ADAEA-7036-48A2-8272-6F3493075499"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:3.5:refresh_9:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0D9430C3-6D1E-46C2-A9F2-B416B266F10A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:big_sql:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "7.2.0",
|
|
"versionEndIncluding": "7.2.3",
|
|
"matchCriteriaId": "C5710866-C865-4A15-88CA-E5CAA2CD1967"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:4.0:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "89FB80EE-E435-4D86-82B1-4A5AC1D85245"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:4.0:refresh_1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5428EB87-06D7-46E2-B8F5-CE01EF0C5C8A"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:4.0:refresh_3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E552B244-DF27-46A5-AB04-C1AF91877F0A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:big_sql:7.2.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D02A88E8-BA33-498A-9517-62EF82BE0C02"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:4.0:refresh_4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F53C3054-B4D0-4626-81D1-B0406DFD8466"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220480",
|
|
"source": "psirt@us.ibm.com",
|
|
"tags": [
|
|
"VDB Entry",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.ibm.com/support/pages/node/6563021",
|
|
"source": "psirt@us.ibm.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |