Search criteria

6 vulnerabilities found for db2_warehouse by ibm

FKIE_CVE-2023-42005

Vulnerability from fkie_nvd - Published: 2024-05-29 13:15 - Updated: 2025-08-18 15:03
Summary
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod to make system calls compromising the security of containers. IBM X-Force ID: 265264.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:3.5:-:*:*:-:*:*:*",
              "matchCriteriaId": "0747E2F0-BF57-419A-8D3E-FACBB1429A7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:-:*:*:*",
              "matchCriteriaId": "15C6480A-8BA6-45BE-B605-B0AD1D5B1806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:4.0:-:*:*:-:*:*:*",
              "matchCriteriaId": "07104A7F-4A21-4F2D-A209-127E257C7A60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:-:*:*:*",
              "matchCriteriaId": "392FE848-F249-4146-A4D4-F15B1C8F1CD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:4.5:-:*:*:-:*:*:*",
              "matchCriteriaId": "2D68EC34-E985-4DB8-8DD3-D6C18F8CD27D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:-:*:*:*",
              "matchCriteriaId": "A3C199D4-02EC-4C62-9228-87F1ECA329F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:4.6:-:*:*:-:*:*:*",
              "matchCriteriaId": "C21D8199-AE3A-4305-B44C-5A687D871D9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:4.6:refresh_6:*:*:-:*:*:*",
              "matchCriteriaId": "BF7D6CD1-1B99-4BC5-A8DA-65C089879CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:4.7:-:*:*:-:*:*:*",
              "matchCriteriaId": "7187E3C2-90F2-4C61-B486-D0F7B0BB2594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:4.7:refresh_4:*:*:-:*:*:*",
              "matchCriteriaId": "922DCF7C-68B8-49FD-A838-3A3DE922BE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:4.8:-:*:*:-:*:*:*",
              "matchCriteriaId": "34F0463B-327F-43C6-B9BD-6DA3D734F0C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:4.8:refresh_4:*:*:-:*:*:*",
              "matchCriteriaId": "C13AB42E-0A44-4FFE-BE1C-DF91BE0FFA1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "FEC9BE0B-76A7-41BF-BE22-7F8C167DF243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*",
              "matchCriteriaId": "A8C0972A-C0A7-4497-AE6F-D5F266F1DBF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "AE87E729-F00A-43F8-91FF-BAA8B4B3986C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*",
              "matchCriteriaId": "353A9E03-50CD-46E0-A5AB-351AA426007F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "E2CBB056-CC8A-4A34-AA3C-CDC7D8DE2426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*",
              "matchCriteriaId": "2D823704-6F82-47BE-8658-466ECD051451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "A4C71080-1C6B-4D8C-BA79-DED384A42290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.6:refresh_6:*:*:*:*:*:*",
              "matchCriteriaId": "2A0618E3-0AD6-48C9-B047-809554FDDD97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "2CBDB0AB-1F70-4B36-AE9F-B48DB7B96070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.7:refresh_4:*:*:*:*:*:*",
              "matchCriteriaId": "773DD7AA-2771-412F-AE79-E37B3E8FCBE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "B2D671B7-E8C1-4A50-BDDA-F9F511841EF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.8:refresh_4:*:*:*:*:*:*",
              "matchCriteriaId": "4F30B3E8-0256-4305-ABF9-9398303D96F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:cloud_pak_for_data:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEF8080B-A664-47DE-A637-965725C7E8BF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264."
    },
    {
      "lang": "es",
      "value": "IBM Db2 on Cloud Pak for Data y Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7 y 4.8 podr\u00edan permitir a un usuario con acceso al pod de Kubernetes realizar llamadas al sistema que comprometan la seguridad de los contenedores. ID de IBM X-Force: 265264."
    }
  ],
  "id": "CVE-2023-42005",
  "lastModified": "2025-08-18T15:03:51.540",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-29T13:15:48.710",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265264"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7155078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7155078"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2022-41296

Vulnerability from fkie_nvd - Published: 2022-12-12 09:15 - Updated: 2024-11-21 07:22
Summary
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.
Impacted products
Vendor Product Version
ibm db2 3.5
ibm db2 3.5 (refresh_10)
ibm db2 4.0
ibm db2 4.0 (refresh_9)
ibm db2 4.5
ibm db2 4.5 (refresh_3)
ibm db2_warehouse 3.5
ibm db2_warehouse 3.5 (refresh_10)
ibm db2_warehouse 4.0
ibm db2_warehouse 4.0 (refresh_9)
ibm db2_warehouse 4.5
ibm db2_warehouse 4.5 (refresh_3)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:db2:3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "634480F6-1D26-4462-94C3-24DFCA3F4027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*",
              "matchCriteriaId": "0368BC26-3A80-4B70-8052-3F47B1484E74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "EAC644E7-70FB-4BAE-81C7-5E9C89CB24B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*",
              "matchCriteriaId": "4A557DCC-6343-4C56-8B60-FCBEB6426D42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "C8D52709-C590-40A2-8486-8AFE5D8D4F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*",
              "matchCriteriaId": "BE38A78C-1EA6-45AA-9551-8B17BE9C9327",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:3.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "FEC9BE0B-76A7-41BF-BE22-7F8C167DF243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*",
              "matchCriteriaId": "A8C0972A-C0A7-4497-AE6F-D5F266F1DBF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "AE87E729-F00A-43F8-91FF-BAA8B4B3986C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*",
              "matchCriteriaId": "353A9E03-50CD-46E0-A5AB-351AA426007F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "E2CBB056-CC8A-4A34-AA3C-CDC7D8DE2426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*",
              "matchCriteriaId": "2D823704-6F82-47BE-8658-466ECD051451",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nIBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.\n\n"
    },
    {
      "lang": "es",
      "value": "IBM Db2U 3.5, 4.0 y 4.5 es vulnerable a Cross-Site Request Forgery (CSRF), lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web. ID de IBM X-Force: 237210."
    }
  ],
  "id": "CVE-2022-41296",
  "lastModified": "2024-11-21T07:22:59.737",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-12T09:15:12.760",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237210"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6843071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20230120-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6843071"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2023-42005 (GCVE-0-2023-42005)

Vulnerability from cvelistv5 – Published: 2024-05-29 12:53 – Updated: 2024-08-02 19:16
Title
IBM Db2 on Cloud Pak for Data privilege escalation
Summary
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod to make system calls compromising the security of containers. IBM X-Force ID: 265264.
CWE
  • CWE-264 - Permissions, Privileges, Access Controls
Assigner
ibm
Impacted products
Vendor Product Version
IBM Db2 on Cloud Pak for Data Affected: 3.5, 4.0, 4.5, 4.6, 4.7, 4.8
    cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:4.6:refresh_6:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:4.7:refresh_4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:4.8:refresh_4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2_warehouse:4.6:refresh_6:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2_warehouse:4.7:refresh_4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2_warehouse:4.8:refresh_4:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42005",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T15:31:04.424637Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:25:23.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:16:49.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7155078"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265264"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:4.6:refresh_6:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:4.7:refresh_4:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:4.8:refresh_4:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2_warehouse:4.6:refresh_6:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2_warehouse:4.7:refresh_4:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2_warehouse:4.8:refresh_4:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Db2 on Cloud Pak for Data",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "3.5, 4.0, 4.5, 4.6, 4.7, 4.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.\u003c/span\u003e\n\n"
            }
          ],
          "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "CWE-264 Permissions, Privileges, Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T12:53:04.315Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7155078"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265264"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Db2 on Cloud Pak for Data privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-42005",
    "datePublished": "2024-05-29T12:53:04.315Z",
    "dateReserved": "2023-09-06T19:32:50.696Z",
    "dateUpdated": "2024-08-02T19:16:49.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-41296 (GCVE-0-2022-41296)

Vulnerability from cvelistv5 – Published: 2022-12-01 17:24 – Updated: 2024-08-03 12:42
Title
IBM Db2U cross-site request forgery
Summary
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
ibm
Impacted products
Vendor Product Version
IBM Db2U Affected: 3.5, 4.0, 4.5

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:42:45.776Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20230120-0003/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6843071"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237210"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T18:50:52.073301Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:50:58.935Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Db2U",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "3.5, 4.0, 4.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nIBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-12T01:49:10.008967Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/6843071"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237210"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Db2U cross-site respect forgery",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2022-41296",
    "datePublished": "2022-12-01T17:24:48.698Z",
    "dateReserved": "2022-09-21T17:43:55.394Z",
    "dateUpdated": "2024-08-03T12:42:45.776Z",
    "requesterUserId": "69938c14-a5a2-41ac-a450-71ed41911136",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-42005 (GCVE-0-2023-42005)

Vulnerability from nvd – Published: 2024-05-29 12:53 – Updated: 2024-08-02 19:16
Title
IBM Db2 on Cloud Pak for Data privilege escalation
Summary
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod to make system calls compromising the security of containers. IBM X-Force ID: 265264.
CWE
  • CWE-264 - Permissions, Privileges, Access Controls
Assigner
ibm
Impacted products
Vendor Product Version
IBM Db2 on Cloud Pak for Data Affected: 3.5, 4.0, 4.5, 4.6, 4.7, 4.8
    cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:4.6:refresh_6:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:4.7:refresh_4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:4.8:refresh_4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2_warehouse:4.6:refresh_6:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2_warehouse:4.7:refresh_4:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2_warehouse:4.8:refresh_4:*:*:*:*:*:*

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42005",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T15:31:04.424637Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:25:23.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:16:49.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7155078"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265264"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:db2:3.5:refresh_10:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:4.0:refresh_9:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:4.5:refresh_3:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:4.6:refresh_6:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:4.7:refresh_4:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:4.8:refresh_4:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2_warehouse:3.5:refresh_10:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2_warehouse:4.0:refresh_9:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2_warehouse:4.5:refresh_3:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2_warehouse:4.6:refresh_6:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2_warehouse:4.7:refresh_4:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2_warehouse:4.8:refresh_4:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Db2 on Cloud Pak for Data",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "3.5, 4.0, 4.5, 4.6, 4.7, 4.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264.\u003c/span\u003e\n\n"
            }
          ],
          "value": "IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "CWE-264 Permissions, Privileges, Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T12:53:04.315Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7155078"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265264"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Db2 on Cloud Pak for Data privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-42005",
    "datePublished": "2024-05-29T12:53:04.315Z",
    "dateReserved": "2023-09-06T19:32:50.696Z",
    "dateUpdated": "2024-08-02T19:16:49.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-41296 (GCVE-0-2022-41296)

Vulnerability from nvd – Published: 2022-12-01 17:24 – Updated: 2024-08-03 12:42
Title
IBM Db2U cross-site request forgery
Summary
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
ibm
Impacted products
Vendor Product Version
IBM Db2U Affected: 3.5, 4.0, 4.5

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:42:45.776Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20230120-0003/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6843071"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237210"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T18:50:52.073301Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:50:58.935Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Db2U",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "3.5, 4.0, 4.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nIBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-12T01:49:10.008967Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/6843071"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237210"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Db2U cross-site respect forgery",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2022-41296",
    "datePublished": "2022-12-01T17:24:48.698Z",
    "dateReserved": "2022-09-21T17:43:55.394Z",
    "dateUpdated": "2024-08-03T12:42:45.776Z",
    "requesterUserId": "69938c14-a5a2-41ac-a450-71ed41911136",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}