Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-41296

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237210.

Published

2022-12-12T09:15:12.760

Last Modified

2024-11-21T07:22:59.737

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-352
Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	db2	3.5	Yes
Application	ibm	db2	3.5	Yes
Application	ibm	db2	4.0	Yes
Application	ibm	db2	4.0	Yes
Application	ibm	db2	4.5	Yes
Application	ibm	db2	4.5	Yes
Application	ibm	db2_warehouse	3.5	Yes
Application	ibm	db2_warehouse	3.5	Yes
Application	ibm	db2_warehouse	4.0	Yes
Application	ibm	db2_warehouse	4.0	Yes
Application	ibm	db2_warehouse	4.5	Yes
Application	ibm	db2_warehouse	4.5	Yes

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/237210 VDB Entry, Vendor Advisory ([email protected])
https://www.ibm.com/support/pages/node/6843071 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/237210 VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230120-0003/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/6843071 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)