Vulnerability in Cloudera Data_platform
CVE-2022-22353
IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM…
EPSS: 0.009 (54.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Cloudera Data_platform — versions 7.1.3, 7.1.4, 7.1.5
- Ibm Big_sql — versions 7.1.0, 7.1.1, 7.2.3
- Ibm Big Sql On Cloud Pak For Data — versions 7.1.0, 7.1.1, 7.2.0
- Ibm Cloud_pak_for_data — versions 3.5, 4.0
References
- psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
- psirt@us.ibm.com (VDB Entry, vdb-entry, Vendor Advisory, x_refsource_XF)
Frequently asked questions
- What is CVE-2022-22353?
- CVE-2022-22353 is a medium-severity vulnerability in Cloudera Data_platform. CVSS score: 6.5/10. Published 2022-03-14.
- How severe is CVE-2022-22353?
- Medium severity. CVSS v3 base score is 6.5 out of 10.