CVE-2022-22495

8.8 HIGH

📋 TL;DR

This SQL injection vulnerability in IBM i 7.3, 7.4, and 7.5 allows remote attackers to execute arbitrary SQL commands against the database. Attackers could read, modify, or delete sensitive data, potentially compromising the entire database system. Organizations running affected IBM i versions with SQL services exposed are at risk.

💻 Affected Systems

Products:
  • IBM i
Versions: 7.3, 7.4, 7.5
Operating Systems: IBM i (formerly OS/400)
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations with SQL services enabled are vulnerable. The vulnerability exists in the SQL component of IBM i.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data destruction, privilege escalation, and potential lateral movement to other systems.

🟠 Likely Case

Unauthorized data access and modification, potentially exposing sensitive business information or customer data.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities typically have low exploitation complexity. The remote nature increases risk.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply IBM i Group PTFs as specified in IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/6589203

Restart Required: Yes

Instructions:

1. Review the IBM advisory for the specific PTF numbers.
2. Apply the required PTFs via IBM i PTF management.
3. Restart affected services or the system as required.

🔧 Temporary Workarounds

Input Validation and Parameterized Queries

all

Implement strict input validation and use parameterized queries/prepared statements in all SQL code.

Network Segmentation

all

Restrict network access to IBM i SQL services to only trusted hosts/networks.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in all applications
  • Restrict network access to IBM i SQL services using firewalls and network segmentation

🔍 How to Verify

Check if Vulnerable:

Check the IBM i version and PTF level. If the system is running 7.3, 7.4, or 7.5 without the required PTFs, it is vulnerable.

Check Version:

DSPPTF (Display PTF) or GO LICPGM (Licensed Program menu) on IBM i

Verify Fix Applied:

Verify PTF installation via IBM i PTF management and confirm that the installed PTF level matches the patched level given in the IBM advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns
  • SQL syntax errors in logs
  • Multiple failed SQL login attempts

Network Indicators:

  • Unusual SQL traffic patterns
  • SQL queries with suspicious characters or patterns

SIEM Query:

source="ibm_i" AND (sql_error OR sql_injection_patterns)
