CVE-2022-22389: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service vulnerability identified as CVE-2022-22389. The vulnerability was discovered by Ruhai Zhang at BEIJING DBSEC TECHNOLOGY CO., LTD and was publicly disclosed on June 23, 2022. When exploited, the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user (IBM Security Bulletin).

The vulnerability has been assigned a CVSS Base Score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs low privileges, requires no user interaction, has unchanged scope, and affects only availability with high impact (NVD).

Successful exploitation of this vulnerability could lead to a denial of service condition where the Db2 server terminates abnormally. This affects the availability of the database service, potentially disrupting business operations that depend on database access (NetApp Security).

IBM has released special builds containing interim fixes for all affected versions. These builds are available based on the most recent fixpack level for each impacted release: V9.7 FP11, V10.1 FP6, V10.5 FP11, V11.1.4 FP7, and V11.5.7. The fixes can be downloaded from Fix Central and applied to any affected fixpack level of the appropriate release. No workarounds are available for this vulnerability (IBM Security Bulletin).