Lucene search

K
ibmIBM20253899F502FDF9B48857A95C7DD8AE785940A7D1A6A2E66760804009268FA3
HistoryMay 31, 2022 - 3:16 a.m.

Security Bulletin: Vulnerability in PCRE affects IBM SQL Extensions Toolkit for NPS

2022-05-3103:16:48
www.ibm.com
20
ibm sql extensions
nps
pcre
cve-2020-14155
version 8.44
fix central

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.007

Percentile

80.4%

Summary

PCRE is used by IBM SQL Extensions Toolkit for NPS. IBM SQL Extensions Toolkit for NPS has addressed the applicable CVE by upgrading PCRE to version 8.44.

Vulnerability Details

CVEID:CVE-2020-14155
**DESCRIPTION:**PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre. By sending a request with a large number, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183499 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM SQL Extensions Toolkit for NPS 11.2.0.0

Remediation/Fixes

Product VRMF Remediation/First Fix
IBM SQL Extensions Toolkit for NPS 11.2.0.1
Link to Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcloud_pak_for_dataMatchany
VendorProductVersionCPE
ibmcloud_pak_for_dataanycpe:2.3:a:ibm:cloud_pak_for_data:any:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.007

Percentile

80.4%