Published:
08 August 2022
===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2022.3892.2
Security Bulletin: Multiple vulnerabilities affect IBM Db2 On Openshift,
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data
8 August 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           IBM Db2 Warehouse
Publisher:         IBM
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-33987 CVE-2022-29078 CVE-2022-28948
                   CVE-2022-25647 CVE-2022-0536 CVE-2021-44906
                   CVE-2021-43138 CVE-2020-7774

Original Bulletin: https://www.ibm.com/support/pages/node/6610082

Comment: CVSS (Max):  9.8 CVE-2022-29078 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: IBM
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Revision History:  August 8 2022: Title update
                   August 8 2022: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

Multiple vulnerabilities affect IBM Db2 On Openshift, IBM Db2® on Cloud Pak
for Data and Db2 Warehouse® on Cloud Pak for Data

Document Information

Document number    : 6610082
Modified date      : 03 August 2022
Product            : IBM Db2 Warehouse
Software version   : All
Operating system(s): Platform Independent

Summary

IBM has released the below fix for IBM Db2 On Openshift, IBM Db2 on Cloud Pak
for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple
vulnerabilities found in multiple components.

Vulnerability Details

CVEID: CVE-2022-33987
DESCRIPTION: Node.js got module could allow a remote attacker to bypass
security restrictions, caused by an unspecified. By sending a
specially-crafted request, an attacker could exploit this vulnerability to
perform a redirect to a UNIX socket.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229246 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2021-43138
DESCRIPTION: Async could allow a remote attacker to execute arbitrary code on
the system, caused by prototype pollution in the mapValues() method. By
persuading a victim to open a specially-crafted file, an attacker could
exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223605 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-44906
DESCRIPTION: Node.js Minimist module could allow a remote attacker to execute
arbitrary code on the system, caused by a prototype pollution in the setKey()
function in the index.js script. By sending a specially-crafted request, an
attacker could exploit this vulnerability to execute arbitrary code on the
system.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222195 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2022-29078
DESCRIPTION: Node.js ejs module could allow a remote attacker to execute
arbitrary code on the system, caused by a server-side template injection flaw
in settings[view options][outputFunctionName]. By sending a specially-crafted
HTTP request to overwrite the outputFunctionName option with an arbitrary OS
command, an attacker could exploit this vulnerability to execute arbitrary
code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225116 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2022-25647
DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the
deserialization of untrusted data.
By using the writeReplace() method, a remote attacker could exploit this
vulnerability to cause a denial of service.
CVSS Base score: 7.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217225 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H)

CVEID: CVE-2022-28948
DESCRIPTION: Go-Yaml is vulnerable to a denial of service, caused by a flaw in
the Unmarshal function. By sending a specially-crafted input, a remote
attacker could exploit this vulnerability to cause the program to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226978 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-7774
DESCRIPTION: Node.js y18n module could allow a remote attacker to execute
arbitrary code on the system, caused by a prototype pollution flaw. By sending
a specially-crafted request, an attacker could exploit this vulnerability to
execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191999 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2022-0536
DESCRIPTION: Node.js follow-redirects module could allow a remote
authenticated attacker to obtain sensitive information, caused by a leakage of
the Authorization header from the same hostname during HTTPS to HTTP
redirection. By utilizing man-in-the-middle attack techniques, an attacker
could exploit this vulnerability to obtain Authorization header information,
and use this information to launch further attacks against the affected
system.
CVSS Base score: 2.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219551 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

All platforms of the following IBM Db2 On Openshift fix pack releases and IBM
Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data refresh
levels are affected:

Release                                  Version
IBM Db2 On Openshift                     v11.5.5.0 - v11.5.5.0-cn4
                                         v11.5.5.1 - v11.5.5.1-cn3
                                         v11.5.6.0 - v11.5.6.0-cn5
                                         v11.5.7.0 - v11.5.7.0-cn5
IBM Db2 on Cloud Pak for Data and        v3.5 through refresh 10
Db2 Warehouse on Cloud Pak for Data      v4.0 through refresh 9
                                         v4.5

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading to the
latest IBM Db2 On Openshift or the IBM Db2 on Cloud Pak for Data and Db2
Warehouse on Cloud Pak for Data release containing the fix for these issues.
These builds are available based on the most recent fixpack level of the
V11.5.7 release and the Cloud Pak for Data v4.5 release. They can be applied
to any affected fixpack level of the appropriate release to remediate this
vulnerability.

Please note: If the affected release is any refresh level of Cloud Pak for
Data 3.5 or 4.0, it is strongly recommended to upgrade to Cloud Pak for Data
4.5 Refresh 1.

Product:           IBM Db2 On Openshift
Fixed in Fix Pack: v11.5.7.0-cn6
Instructions:      https://www.ibm.com/docs/en/db2/11.5topic=1157-upgrading-updating

Product:           IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud
                   Pak for Data
Fixed in Fix Pack: v4.5 Refresh 1
Instructions:      Db2 Warehouse: https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.xtopic=warehouse-upgrading
                   Db2: https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.xtopic=db2-upgrading

Workarounds and Mitigations

None

Change History

03 Aug 2022: Initial Publication

--------------------------END INCLUDED TEXT--------------------