Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.5437 Security Bulletin: Multiple vulnerabilities affect IBM Db2 On Openshift, IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 31 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM Db2 Warehouse Publisher: IBM Operating System: Windows UNIX variants (UNIX, Linux, OSX) Resolution: Patch/Upgrade CVE Names: CVE-2022-29622 CVE-2022-29217 CVE-2022-22390 CVE-2022-22389 CVE-2021-32690 CVE-2020-15187 CVE-2020-15186 CVE-2020-15185 Original Bulletin: https://www.ibm.com/support/pages/node/6832428 Comment: CVSS (Max): 9.8 CVE-2022-29622 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSS Source: IBM Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- Multiple vulnerabilities affect IBM Db2 On Openshift, IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data Document Information Document number : 6832428 Modified date : 27 October 2022 Product : IBM Db2 Warehouse Software version : All Operating system(s): Platform Independent Summary IBM has released the below fix for IBM Db2 On Openshift, IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details CVEID: CVE-2020-15187 DESCRIPTION: Helm could allow a remote authenticated attacker to bypass security restrictions, caused by an issue with containing duplicates of the same entry in the plugin.yaml file. By sending a specially-crafted input, an attacker could exploit this vulnerability to modify a plugin's install hooks to perform a local execution attack.. CVSS Base score: 6.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 188456 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) CVEID: CVE-2022-29217 DESCRIPTION: PyJWT could allow a remote attacker to bypass security restrictions, caused by the key confusion through non-blocklisted public key formats. By sending a specially-crafted request, an attacker could exploit this vulnerability to choose the used signing algorithm. CVSS Base score: 7.4 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 227222 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) CVEID: CVE-2022-29622 DESCRIPTION: Node.js Formidable module could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request using the filename parameter, an attacker could exploit this vulnerability to upload a malicious PDF file, which could allow the attacker to execute arbitrary code on the vulnerable system. CVSS Base score: 9.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 226582 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2020-15186 DESCRIPTION: Helm could allow a remote attacker to bypass security restrictions, caused by improper input valuation by the plugin names. By sending a specially-crafted input, an attacker could exploit this vulnerability to duplicate the name of another plugin or spoofing the output to helm --help. CVSS Base score: 6.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 188455 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) CVEID: CVE-2021-32690 DESCRIPTION: Helm could allow a remote attacker to obtain sensitive information, caused by improper validation of user-supplied input by the index.yaml file. By gaining access to the chart archives, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. CVSS Base score: 6.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 203901 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) CVEID: CVE-2020-15185 DESCRIPTION: Helm could allow a remote authenticated attacker to bypass security restrictions, caused by an issue with allowing duplicates of the same chart entry in the repository index file. By sending a specially-crafted input, an attacker could exploit this vulnerability to inject a bad chart into a repository. CVSS Base score: 4.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 188454 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) CVEID: CVE-2022-22389 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740. CVSS Base score: 6.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 221970 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2022-22390 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973. CVSS Base score: 6.2 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 221973 for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) Affected Products and Versions All platforms of the following IBM Db2 On Openshift fix pack releases and IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data refresh levels are affected: Release Version v11.5.5.0 - v11.5.5.0-cn4 v11.5.5.1 - v11.5.5.1-cn3 IBM Db2 On Openshift v11.5.6.0 - v11.5.6.0-cn5 v11.5.7.0 - v11.5.7.0-cn6 v3.5 through refresh 10 IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud v4.0 through refresh Pak for Data 9 v4.5 through refresh 2 Remediation/Fixes IBM strongly recommends addressing the vulnerability now by upgrading to the latest IBM Db2 On Openshift or the IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data release containing the fix for these issues. These builds are available based on the most recent fixpack level of the V11.5.7 release and the Cloud Pak for Data v4.5 release. They can be applied to any affected fixpack level of the appropriate release to remediate this vulnerability. Please note: If the affected release is any refresh level of Cloud Pak for Data 3.5 or 4.0, it is strongly recommended to upgrade to Cloud Pak for Data 4.5 Refresh 3 Product Fixed in Fix Instructions Pack IBM Db2 On Openshift v11.5.7.0-cn7 https://www.ibm.com/docs/en/db2/ 11.5topic=1157-upgrading-updating Db2 Warehouse: https://www.ibm.com/ docs/en/cloud-paks/cp-data/4.5.x IBM Db2 on Cloud Pak for topic=warehouse-upgrading Data and Db2 Warehouse on v4.5 Refresh Cloud Pak for Data 3 Db2: https://www.ibm.com/docs/en/ cloud-paks/cp-data/4.5.xtopic= db2-upgrading Workarounds and Mitigations None Change History 27 Oct 2022: Initial Publication - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBY18G3ckNZI30y1K9AQh39BAAu1PzfRqzx6NhiiM0V34zTZ04b/3e7ILO 7gYBWL4o+lI1Vu73N4gmHAGzKfJM1pRqI/tfGpP0Nl5PJJ23lxz1D7i3837FZZXp x8nh60uN91vZWzldM6UYk80yU9adTED6uOsg3XZC+YIsaeWuuE6oMO0CgPEouKY+ Tc02/IASdELtNSWWYqD7RgMDFIGzl1T9HSiakrL2fqeNQ5enQ8PckbYZgcvb1m2e iyGHl7KcrFzgfnsxadHjbxnCr4pjPIMhR4O7brImB0K3n3JlURI6L3hXg1GT9wDk nVC6O2Y0tqpoBrukv3e/zgT5L5vGpVPRp52SqXSZMyv1Ev2VwJzt2UTz3OZA8NLQ A9kJQkf8IhczKcEd+N45Ij7+ErAl0nO880/OFGs5V83giFrRf6wmckB3x2V3oAnQ C81wvS7iHAfE2lfQME3YcIjmsQ6i6iZV2iK7OQxnrAID2mnOto3YRIgKzjrHKqbg 0fn8GC82KDaWHtyiAXhm1tdaGdG2yW0IitPo7kSnjLBKvKQGU62AmsmaUBWugIH9 8OTU/M/4/XOkUhWmsaZcUaMCHCxP6ai1Bcm9FPBAeJMLXbQEcr5aCdmkEjAszlvf zcSh56gatCLaNXtI8xd4kzSQbbAbVlTUjoexxgtf3mnRNwcDDdSy908Z15vE3SCD lSUIxMpL0rY= =+yR2 -----END PGP SIGNATURE-----