CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
89.3%
SnakeYaml is a YAML Ain’t Markup Language parser used by Db2 Web Query in the underlying WebFOCUS base product. SnakeYaml could allow arbitrary code execution as described in the vulnerability details section. Db2 Web Query has addressed the vulnerability as described in the remediation/fixes section.
CVEID:CVE-2022-1471
**DESCRIPTION:**SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class. By using a specially-crafted yaml content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241118 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Db2 Web Query for i | 2.3.0 |
IBM Db2 Web Query for i | 2.4.0 |
IBM strongly recommends addressing the vulnerability now.
Release 2.3.0 and 2.4.0 are supported and can be fixed by applying Program Temporary Fixes (PTFs) to the IBM i.
The PTF numbers containing the fix for this vulnerability are in the following table.
IBM Db2 Web Query for i Release | 5733WQX PTFs to apply for remediation | IBM i Release | 5733WQX Group PTF - Level to apply for remediation |
---|---|---|---|
2.3.0 |
| 7.5| SF99671 - 09
7.4| SF99654 - 09
7.3| SF99533 - 09
2.4.0|
| |
Important note:_
IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of affected products._
None
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
89.3%