CVE-2022-22390
https://notcve.org/view.php?id=CVE-2022-22390
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973. IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, puede ser vulnerable a una divulgación de información causada por una administración inapropiada de privilegios cuando es usada la función de tabla. IBM X-Force ID: 221973 • https://exchange.xforce.ibmcloud.com/vulnerabilities/221973 https://security.netapp.com/advisory/ntap-20220729-0007 https://www.ibm.com/support/pages/node/6597993 • CWE-269: Improper Privilege Management •
CVE-2022-22389
https://notcve.org/view.php?id=CVE-2022-22389
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740. IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una denegación de servicio, ya que el servidor puede terminar de forma anormal cuando son ejecutadas sentencias SQL especialmente diseñadas por un usuario autenticado. IBM X-Force ID: 2219740 • https://exchange.xforce.ibmcloud.com/vulnerabilities/221970 https://security.netapp.com/advisory/ntap-20220729-0007 https://www.ibm.com/support/pages/node/6598047 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-39002
https://notcve.org/view.php?id=CVE-2021-39002
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, usa algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial • https://exchange.xforce.ibmcloud.com/vulnerabilities/213217 https://security.netapp.com/advisory/ntap-20220114-0002 https://www.ibm.com/support/pages/node/6523802 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2021-38931
https://notcve.org/view.php?id=CVE-2021-38931
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418. IBM Db2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 11.1, y 11.5, es vulnerable a una divulgación de información como resultado de que un usuario conectado tenga acceso indirecto de lectura a una tabla en la que no está autorizado a seleccionar. IBM X-Force ID: 210418 • https://exchange.xforce.ibmcloud.com/vulnerabilities/210418 https://security.netapp.com/advisory/ntap-20220114-0001 https://www.ibm.com/support/pages/node/6523810 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2021-38926
https://notcve.org/view.php?id=CVE-2021-38926
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario local conseguir privilegios debido a que permite la modificación de columnas de tareas existentes. IBM X-Force ID: 210321 • https://exchange.xforce.ibmcloud.com/vulnerabilities/210321 https://security.netapp.com/advisory/ntap-20220114-0002 https://www.ibm.com/support/pages/node/6523808 •