CVE-2022-22353

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Big Sql On Cloud Pak For Data
Vendor
CVE Published:
14 March 2022

Summary

IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.

Affected Version(s)

Big SQL on Cloud Pak for Data 7.1.0

Big SQL on Cloud Pak for Data 7.1.1

Big SQL on Cloud Pak for Data 7.2.0

References

https://www.ibm.com/support/pages/node/6563021
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/220480
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.