IBM3A21E3D4F0AD7FC84C0EBF78FAA5E2DB8049C5BCD0024BABA96B24856DC57794Security Bulletin: Multiple security vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.025 Low
EPSS
Percentile
89.9%
Summary
IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin (CVE-2022-22389, CVE-2022-22390, CVE-2022-25313, CVE-2022-25236, CVE-2022-25235, CVE-2022-25314, CVE-2022-25315).
Vulnerability Details
CVEID:CVE-2022-22389
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221970 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2022-22390
**DESCRIPTION:**IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221973 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2022-25313
**DESCRIPTION:**libexpat is vulnerable to a denial of service, caused by stack exhaustion in build_model. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability using a large nesting depth in the DTD element to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219947 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2022-25236
**DESCRIPTION:**libexpat is vulnerable to a denial of service, caused by improper protection against insertion of namesep characters into namespace URIs in xmlparse.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219784 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2022-25235
**DESCRIPTION:**libexpat is vulnerable to a denial of service, caused by improper input validation in xmltok_impl.c. By persuading a victim to open a specially-crafted content with malformed encoding, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219782 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2022-25314
**DESCRIPTION:**libexpat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the copyString function. By sending an overly-long argument, an attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219946 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID:CVE-2022-25315
**DESCRIPTION:**libexpat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in storeRawNames. By persuading a victim to open a specially-crafted file, an attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219945 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Products and Versions
IBM PureData System for Operational Analytics V1.1 (A1801)
Remediation/Fixes
Determine the appliance fixpack level as root on the management server using the appl_ls_cat command.
$ appl_ls_cat -i
NAME VERSION STATUS DESCRIPTION
bwr3 4.0.8.0 Committed Updates for IBM_PureData_System_for_Operational_Analytics
Determine the version of Db2 used on the core nodes in the appliance. The command below shows that Version 10.5.0.11 is installed. The number of hosts, Db2 version and instance name are customer dependent. The appliance supports Db2 10.5 or Db2 11.1 and the default instance owner is bcuaix. The command below shows that the instance is used Db2 10.5.0.11.
$ dsh -n ${BCUALL} ‘/usr/local/bin/db2ls -c | grep -v “#” | cut -d: -f 1 | head -1 | while read p;do $p/bin/db2greg -dump | grep “^I”;done’| dshbak -c
HOSTS -------------------------------------------------------------------------
host02, host04, host05, hostflash06
-------------------------------------------------------------------------------
I,DB2,10.5.0.11,bcuaix,/db2home/bcuaix/sqllib,1,0,/usr/IBM/dwe/db2/V10.5.0.11…2,
Login as the instance owner to any of the host servers. The following command will show the build number installed.
$ db2level
DB21085I This instance or install (instance name, where applicable: “bcuaix”)
uses “64” bits and DB2 code release “SQL1005B” with level identifier
“060C010E”.
Informational tokens are “DB2 v10.5.0.11”, “special_40479”, “IP24071_40479”,
and Fix Pack “11”.
Product is installed at “/usr/IBM/dwe/db2/V10.5.0.11…2”.
Use the table below to determine how to download the Db2 Fixpack or Special Build and then refer to the appliance technote <https://www.ibm.com/support/pages/installing-db2-fix-pack-ibm-puredata-system-operational-analytics> for instructions on how to apply the Db2 Fixpack or Special Build on the appliance. Contact IBM Support for any questions or concerns related to this update. The number in brackets will match version returned by the appl_ls_conf command.
| Current V1.1 Fixpack Level | Remediation Options |
|---|---|
| V1.1 GA [ 4.0.4.x ] |
Special Build 41110 for DB2 10.5 Fix Pack 11 for AIX (64 bit), DB2 Universal Fix Pack
Special Build 41112 for DB2 11.1.4 Fix Pack 7 for AIX (64 bit), DB2 Universal Fix Pack
V1.1 FP1 [ 4.0.5.x ]|
Special Build 41110 for DB2 10.5 Fix Pack 11 for AIX (64 bit), DB2 Universal Fix Pack
Special Build 41112 for DB2 11.1.4 Fix Pack 7 for AIX (64 bit), DB2 Universal Fix Pack
V1.1 FP2 [ 4.0.6.x ]|
Special Build 41110 for DB2 10.5 Fix Pack 11 for AIX (64 bit), DB2 Universal Fix Pack
Special Build 41112 for DB2 11.1.4 Fix Pack 7 for AIX (64 bit), DB2 Universal Fix Pack
V1.1 FP3 [ 4.0.7.x ]|
Special Build 41110 for DB2 10.5 Fix Pack 11 for AIX (64 bit), DB2 Universal Fix Pack
Special Build 41112 for DB2 11.1.4 Fix Pack 7 for AIX (64 bit), DB2 Universal Fix Pack
V1.1 FP4 [ 4.0.8.x ]|
Special Build 41110 for DB2 10.5 Fix Pack 11 for AIX (64 bit), DB2 Universal Fix Pack
Special Build 41112 for DB2 11.1.4 Fix Pack 7 for AIX (64 bit), DB2 Universal Fix Pack
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| puredata system for operational analytics a1801 | eq | 1.1 |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.025 Low
EPSS
Percentile
89.9%