CVE-2022-22353
First published: Fri Mar 11 2022(Updated: )
IBM Big SQL could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Big SQL on Cloudera Data Platform | <=7.1.0 | |
| IBM Big SQL on IBM Cloud Pak for Data | <=7.1.1 | |
| IBM Big SQL on IBM Cloud Pak for Data | <=7.2.0 - 7.2.3 | |
| IBM Big SQL on IBM Cloud Pak for Data | <=7.2.3 | |
| IBM Big SQL | =7.1.0 | |
| Cloudera Data Platform | =7.1.3 | |
| Cloudera Data Platform | =7.1.4 | |
| Cloudera Data Platform | =7.1.5 | |
| Cloudera Data Platform | =7.1.7 | |
| IBM Big SQL | =7.1.1 | |
| IBM Cloud Pak for Data | =3.5 | |
| IBM Cloud Pak for Data | =3.5-refresh_1 | |
| IBM Cloud Pak for Data | =3.5-refresh_9 | |
| IBM Big SQL | >=7.2.0<=7.2.3 | |
| IBM Cloud Pak for Data | =4.0 | |
| IBM Cloud Pak for Data | =4.0-refresh_1 | |
| IBM Cloud Pak for Data | =4.0-refresh_3 | |
| IBM Big SQL | =7.2.3 | |
| IBM Cloud Pak for Data | =4.0-refresh_4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-22353.
What is the severity of CVE-2022-22353?
The severity of CVE-2022-22353 is medium with a severity value of 6.5.
What is the affected software for CVE-2022-22353?
The affected software for CVE-2022-22353 is IBM Big SQL on IBM Cloud Pak for Data versions 7.1.0, 7.1.1, 7.2.0, and 7.2.3.
How can an authenticated user exploit CVE-2022-22353?
An authenticated user with appropriate permissions can exploit CVE-2022-22353 by bypassing data masking rules using a CREATE TABLE SELECT statement.
How can I fix CVE-2022-22353?
To fix CVE-2022-22353, apply the relevant patches provided by IBM.
- agent/references
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm big sql on cloudera data platform
- version/ibm big sql on cloudera data platform/7.1.0
- canonical/ibm big sql on ibm cloud pak for data
- version/ibm big sql on ibm cloud pak for data/7.1.1
- version/ibm big sql on ibm cloud pak for data/7.2.0 - 7.2.3
- version/ibm big sql on ibm cloud pak for data/7.2.3
- canonical/ibm big sql
- version/ibm big sql/7.1.0
- vendor/cloudera
- canonical/cloudera data platform
- version/cloudera data platform/7.1.3
- version/cloudera data platform/7.1.4
- version/cloudera data platform/7.1.5
- version/cloudera data platform/7.1.7
- version/ibm big sql/7.1.1
- canonical/ibm cloud pak for data
- version/ibm cloud pak for data/3.5
- version/ibm cloud pak for data/3.5-refresh_1
- version/ibm cloud pak for data/3.5-refresh_9
- version/ibm big sql/7.2.0
- version/ibm big sql/7.2.3
- version/ibm cloud pak for data/4.0
- version/ibm cloud pak for data/4.0-refresh_1
- version/ibm cloud pak for data/4.0-refresh_3
- version/ibm cloud pak for data/4.0-refresh_4