CVE-2022-22353
5.3
CVSS:3.0/AV:N/A:N/C:H/AC:H/PR:L/S:U/I:N/UI:N/RC:C/E:U/RL:O
Summary
IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Big SQL on Cloud Pak for Data | 7.1.0 | affected |
| IBM | Big SQL on Cloud Pak for Data | 7.1.1 | affected |
| IBM | Big SQL on Cloud Pak for Data | 7.2.0 | affected |
| IBM | Big SQL on Cloud Pak for Data | 7.2.3 | affected |
Weaknesses
- Obtain Information
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/6563021
- https://exchange.xforce.ibmcloud.com/vulnerabilities/220480
References
- https://www.ibm.com/support/pages/node/6563021
- https://exchange.xforce.ibmcloud.com/vulnerabilities/220480
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.