CVE-2022-22390: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. The vulnerability was identified as CVE-2022-22390 and was disclosed on June 23, 2022. This security flaw has been assigned IBM X-Force ID: 221973 (IBM Security Bulletin).

The vulnerability has a CVSS Base score of 7.5 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating it can be exploited remotely without requiring privileges or user interaction. The vulnerability stems from improper privilege management specifically related to table function usage (NetApp Advisory).

Successful exploitation of this vulnerability could lead to unauthorized disclosure of sensitive information. The vulnerability allows attackers to access information that should be restricted, potentially compromising data confidentiality (IBM Security Bulletin).

IBM has released special builds containing interim fixes for all affected versions. These special builds are available based on the most recent fixpack level for each impacted release: V9.7 FP11, V10.1 FP6, V10.5 FP11, V11.1.4 FP7, and V11.5.7. The fixes can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability (IBM Security Bulletin).