-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.5437
 Security Bulletin:  Multiple vulnerabilities affect IBM Db2 On Openshift,
   IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data
                              31 October 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Db2 Warehouse
Publisher:         IBM
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-29622 CVE-2022-29217 CVE-2022-22390
                   CVE-2022-22389 CVE-2021-32690 CVE-2020-15187
                   CVE-2020-15186 CVE-2020-15185 

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6832428

Comment: CVSS (Max):  9.8 CVE-2022-29622 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: IBM
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

Multiple vulnerabilities affect IBM Db2 On Openshift, IBM Db2 on Cloud Pak for
Data and Db2 Warehouse on Cloud Pak for Data

Document Information

Document number    : 6832428
Modified date      : 27 October 2022
Product            : IBM Db2 Warehouse
Software version   : All
Operating system(s): Platform Independent

Summary

IBM has released the below fix for IBM Db2 On Openshift, IBM Db2 on Cloud Pak
for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple
vulnerabilities found in multiple components.

Vulnerability Details

CVEID: CVE-2020-15187
DESCRIPTION: Helm could allow a remote authenticated attacker to bypass
security restrictions, caused by the plugin.yaml file permitting duplicates of
the same entry. By sending a specially-crafted input, an attacker could exploit
this vulnerability to modify a plugin's install hooks to perform a local
execution attack.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188456 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2022-29217
DESCRIPTION: PyJWT could allow a remote attacker to bypass security
restrictions, caused by key confusion through non-blocklisted public key
formats. By sending a specially-crafted request, an attacker could exploit this
vulnerability to choose the signing algorithm used.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227222 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
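
The key-confusion class described above is a defender's concern in any JWT
verifier: the algorithm must come from server configuration, never from the
token header, and HMAC verification must refuse key material that is actually a
public key. The Python snippet below is an added illustration written for this
bulletin with only the standard library; it is not PyJWT's code or its fix, it
implements HS256 only, and its keys, tokens and the PEM placeholder are
constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Server-side policy: the accepted algorithm is fixed here and never read from the
# token header. This stdlib illustration implements HS256 only (constructed example).
ALLOWED_ALGORITHMS = {"HS256"}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def looks_like_public_key(key: bytes) -> bool:
    """Heuristic guard: PEM or OpenSSH public-key material must never serve as an
    HMAC secret, because such material is public by design."""
    head = key.lstrip()[:32]
    return head.startswith((b"-----BEGIN", b"ssh-rsa", b"ssh-ed25519", b"ecdsa-sha2-"))


def hs256_sign(payload: dict, secret: bytes) -> str:
    """Issue an HS256 token (helper so the verifier can be exercised offline)."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [_b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, payload)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_hs256(token: str, key: bytes, allowed=ALLOWED_ALGORITHMS) -> dict:
    """Verify a token against the configured key and algorithm allow-list.
    Raises ValueError on any policy or signature failure."""
    if looks_like_public_key(key):
        raise ValueError("refusing to use public-key material as an HMAC secret")
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    header = json.loads(_b64url_decode(header_b64))
    alg = header.get("alg")
    if alg not in allowed or alg != "HS256":
        # Anything the server did not configure ('none', an RS* family name, ...)
        # is refused before any cryptography runs.
        raise ValueError(f"algorithm {alg!r} is not permitted")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(_b64url_decode(payload_b64))


def rejects(token: str, key: bytes) -> bool:
    """True when verify_hs256 refuses the token."""
    try:
        verify_hs256(token, key)
        return False
    except ValueError:
        return True


def demo() -> dict:
    """Run the verifier over constructed inputs; each value is True when the check held."""
    secret = b"constructed-demo-secret"
    good = hs256_sign({"sub": "alice"}, secret)
    header_b64, payload_b64, sig_b64 = good.split(".")
    # Same payload, header claims RS256, empty signature: must fail the allow-list check.
    foreign_alg = _b64url_encode(b'{"alg":"RS256","typ":"JWT"}') + "." + payload_b64 + "."
    # Payload swapped under the original signature: must fail the HMAC check.
    tampered = header_b64 + "." + _b64url_encode(b'{"sub":"mallory"}') + "." + sig_b64
    # Constructed PKCS#1 PEM placeholder: the verifier must refuse it as an HMAC key.
    pem_key = (b"-----BEGIN RSA PUBLIC KEY-----\nCONSTRUCTED-PLACEHOLDER\n"
               b"-----END RSA PUBLIC KEY-----\n")
    return {
        "valid_token_accepted": verify_hs256(good, secret) == {"sub": "alice"},
        "foreign_alg_rejected": rejects(foreign_alg, secret),
        "tampered_payload_rejected": rejects(tampered, secret),
        "public_key_as_hmac_secret_rejected": rejects(good, pem_key),
    }
```

The two guards are independent: the allow-list stops a header-chosen algorithm
even when the key is a genuine shared secret, and the key-type guard stops a
public key from being used as an HMAC secret even when the allow-list is
satisfied.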

CVEID: CVE-2022-29622
DESCRIPTION: Node.js Formidable module could allow a remote attacker to upload
arbitrary files, caused by the improper validation of file extensions. By
sending a specially-crafted HTTP request using the filename parameter, an
attacker could exploit this vulnerability to upload a malicious PDF file, which
could allow the attacker to execute arbitrary code on the vulnerable system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226582 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
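
For the class of upload issue described above, the server-side rule is to
treat the client's filename parameter as untrusted: allow-list the extension,
check that the content matches the declared type, and never let any byte of the
client name reach the filesystem path. The Python functions below are an added
illustration, not Formidable's code or its fix; the upload directory, the
allow-list and the sample bytes are constructed for the example.

```python
import os
import secrets

# Allow-listed extensions, each mapped to the magic bytes a file of that type must
# start with. Constructed for this example: extend it to the types your app accepts.
ALLOWED_TYPES = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
}
UPLOAD_DIR = "/var/app/uploads"  # assumed destination directory, not from the advisory


def client_extension(filename: str) -> str:
    """Return the lower-cased extension of the client-supplied name, ignoring any
    directory components. This is the ONLY piece of the client name consulted."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return os.path.splitext(base)[1].lower()


def safe_upload_name(filename: str, content: bytes) -> str:
    """Validate an upload and return a server-generated filename for it.
    Raises ValueError when the extension is not allow-listed or the content does
    not carry the magic bytes of the declared type."""
    ext = client_extension(filename)
    magic = ALLOWED_TYPES.get(ext)
    if magic is None:
        raise ValueError(f"extension {ext!r} is not allowed")
    if not content.startswith(magic):
        raise ValueError(f"content does not look like a {ext} file")
    # Random server-side name plus the allow-listed extension: no client-controlled
    # byte reaches the filesystem path, so a crafted filename cannot pick the suffix.
    return secrets.token_hex(16) + ext


def store_path(filename: str, content: bytes) -> str:
    """Absolute path under UPLOAD_DIR where the validated upload would be written."""
    return os.path.join(UPLOAD_DIR, safe_upload_name(filename, content))


def rejects_upload(filename: str, content: bytes) -> bool:
    """True when the upload is refused; handy for checks and unit tests."""
    try:
        safe_upload_name(filename, content)
        return False
    except ValueError:
        return True
```

A double extension such as "report.pdf.php" is refused because only the final
suffix is consulted and it is not in the allow-list, while a name ending in
".pdf" whose bytes are not a PDF is refused by the magic-byte check.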

CVEID: CVE-2020-15186
DESCRIPTION: Helm could allow a remote attacker to bypass security
restrictions, caused by improper validation of plugin names. By sending a
specially-crafted input, an attacker could exploit this vulnerability to
duplicate the name of another plugin or to spoof the output of helm --help.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188455 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2021-32690
DESCRIPTION: Helm could allow a remote attacker to obtain sensitive
information, caused by improper validation of user-supplied input in the
index.yaml file. By gaining access to the chart archives, an attacker could
exploit this vulnerability to obtain sensitive information, and use this
information to launch further attacks against the affected system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203901 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

CVEID: CVE-2020-15185
DESCRIPTION: Helm could allow a remote authenticated attacker to bypass
security restrictions, caused by the repository index file allowing duplicates
of the same chart entry. By sending a specially-crafted input, an attacker could
exploit this vulnerability to inject a bad chart into a repository.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188454 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2022-22389
DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and
11.5 is vulnerable to a denial of service as the server may terminate
abnormally when executing specially crafted SQL statements by an authenticated
user. IBM X-Force ID: 221970.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221970 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-22390
DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and
11.5 may be vulnerable to an information disclosure caused by improper
privilege management when a table function is used. IBM X-Force ID: 221973.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221973 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

All platforms of the following IBM Db2 On Openshift fix pack releases and IBM
Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data refresh
levels are affected:

Release                                    Version
IBM Db2 On Openshift                       v11.5.5.0 - v11.5.5.0-cn4
                                           v11.5.5.1 - v11.5.5.1-cn3
                                           v11.5.6.0 - v11.5.6.0-cn5
                                           v11.5.7.0 - v11.5.7.0-cn6

IBM Db2 on Cloud Pak for Data and          v3.5 through refresh 10
Db2 Warehouse on Cloud Pak for Data        v4.0 through refresh 9
                                           v4.5 through refresh 2

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading to the
latest IBM Db2 On Openshift or the IBM Db2 on Cloud Pak for Data and Db2
Warehouse on Cloud Pak for Data release containing the fix for these issues.
These builds are available based on the most recent fixpack level of the
V11.5.7 release and the Cloud Pak for Data v4.5 release. They can be applied to
any affected fixpack level of the appropriate release to remediate this
vulnerability. Please note: If the affected release is any refresh level of
Cloud Pak for Data 3.5 or 4.0, it is strongly recommended to upgrade to Cloud
Pak for Data 4.5 Refresh 3.

Product                              Fixed in Fix Pack  Instructions
IBM Db2 On Openshift                 v11.5.7.0-cn7      https://www.ibm.com/docs/en/db2/11.5?topic=1157-upgrading-updating

IBM Db2 on Cloud Pak for Data and    v4.5 Refresh 3     Db2 Warehouse:
Db2 Warehouse on Cloud Pak for Data                     https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.x?topic=warehouse-upgrading
                                                        Db2:
                                                        https://www.ibm.com/docs/en/cloud-paks/cp-data/4.5.x?topic=db2-upgrading

Workarounds and Mitigations

None

Change History

27 Oct 2022: Initial Publication

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBY18G3ckNZI30y1K9AQh39BAAu1PzfRqzx6NhiiM0V34zTZ04b/3e7ILO
7gYBWL4o+lI1Vu73N4gmHAGzKfJM1pRqI/tfGpP0Nl5PJJ23lxz1D7i3837FZZXp
x8nh60uN91vZWzldM6UYk80yU9adTED6uOsg3XZC+YIsaeWuuE6oMO0CgPEouKY+
Tc02/IASdELtNSWWYqD7RgMDFIGzl1T9HSiakrL2fqeNQ5enQ8PckbYZgcvb1m2e
iyGHl7KcrFzgfnsxadHjbxnCr4pjPIMhR4O7brImB0K3n3JlURI6L3hXg1GT9wDk
nVC6O2Y0tqpoBrukv3e/zgT5L5vGpVPRp52SqXSZMyv1Ev2VwJzt2UTz3OZA8NLQ
A9kJQkf8IhczKcEd+N45Ij7+ErAl0nO880/OFGs5V83giFrRf6wmckB3x2V3oAnQ
C81wvS7iHAfE2lfQME3YcIjmsQ6i6iZV2iK7OQxnrAID2mnOto3YRIgKzjrHKqbg
0fn8GC82KDaWHtyiAXhm1tdaGdG2yW0IitPo7kSnjLBKvKQGU62AmsmaUBWugIH9
8OTU/M/4/XOkUhWmsaZcUaMCHCxP6ai1Bcm9FPBAeJMLXbQEcr5aCdmkEjAszlvf
zcSh56gatCLaNXtI8xd4kzSQbbAbVlTUjoexxgtf3mnRNwcDDdSy908Z15vE3SCD
lSUIxMpL0rY=
=+yR2
-----END PGP SIGNATURE-----