CVE-2022-22483: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, 11.1, and 11.5 was identified with a vulnerability tracked as CVE-2022-22483. The vulnerability relates to information disclosure that occurs due to unauthorized access caused by improper privilege management when using the CREATE OR REPLACE command (IBM Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, requires no user interaction, has unchanged scope, and can result in high confidentiality impact without affecting integrity or availability (NVD).

When successfully exploited, this vulnerability could lead to the disclosure of sensitive information through unauthorized access. The vulnerability specifically affects scenarios involving the CREATE OR REPLACE command functionality (IBM Advisory, NetApp Advisory).

IBM has released fixes for all affected versions through special builds based on the most recent fixpack levels: V9.7 FP11, V10.1 FP6, V10.5 FP11, V11.1.4 FP7, and V11.5.8. These special builds can be applied to any affected fixpack level of the appropriate release to remediate the vulnerability. No workarounds are available for this vulnerability (IBM Advisory).