There is a defect in IBM Data Virtualization on Cloud Pak for Data where Watson Knowledge Catalog data masking rules are not enforced when a user successfully executes a `CREATE TABLE AS (SELECT …) WITH DATA` statement. The newly created table will contain unmasked data.
**CVEID:** CVE-2021-38971
**DESCRIPTION:** IBM Data Virtualization on Cloud Pak for Data could allow an authorized user to bypass data masking rules and obtain sensitive information.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212620 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
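
A triage aid for the defect described above, added here and not part of IBM's bulletin: it scans executed SQL text for `CREATE TABLE … AS (SELECT …) WITH DATA` statements and returns each target table with its source tables, so the resulting tables can be reviewed for unmasked data. The statement list is constructed sample input with hypothetical schema and table names, and how statement history is exported from your environment is an assumption.

```python
import re

# Constructed sample of executed SQL statements (hypothetical names, not real audit output).
SAMPLE_STATEMENTS = [
    "CREATE TABLE ANALYST1.CUST_COPY AS (SELECT * FROM DV.CUSTOMERS) WITH DATA",
    "create table analyst1.shape_only as (select * from dv.customers) with no data",
    "SELECT NAME, SSN FROM DV.CUSTOMERS",
    """CREATE TABLE ANALYST2.JOINED AS (
           SELECT c.NAME, o.TOTAL -- join of two virtual tables
           FROM DV.CUSTOMERS c JOIN DV.ORDERS o ON (c.ID = o.CUST_ID)
       ) WITH DATA""",
]

_COMMENTS = re.compile(r"--[^\n]*|/\*.*?\*/", re.S)
_CTAS_HEAD = re.compile(r"^\s*CREATE\s+TABLE\s+([\w.\"]+)\s+AS\s*\(", re.I)
_SOURCES = re.compile(r"\b(?:FROM|JOIN)\s+([\w.\"]+)", re.I)

def _matching_paren(text, open_idx):
    """Return the index of the ')' that closes text[open_idx], or -1."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "(":
            depth += 1
        elif text[i] == ")":
            depth -= 1
            if depth == 0:
                return i
    return -1

def find_ctas_with_data(statement):
    """Return (target, [sources]) for a CTAS ... WITH DATA statement, else None."""
    sql = _COMMENTS.sub(" ", statement)
    head = _CTAS_HEAD.match(sql)
    if not head:
        return None
    open_idx = head.end() - 1          # position of the '(' opening the fullselect
    close_idx = _matching_paren(sql, open_idx)
    if close_idx < 0:
        return None                    # unbalanced parentheses: not a complete statement
    if not re.match(r"\s*WITH\s+DATA\b", sql[close_idx + 1:], re.I):
        return None                    # WITH NO DATA copies the definition only, no rows
    sources = sorted({s.upper() for s in _SOURCES.findall(sql[open_idx:close_idx])})
    return head.group(1).upper(), sources

def review_list(statements):
    """Return the (target, sources) pairs that warrant a masking review."""
    return [hit for hit in map(find_ctas_with_data, statements) if hit]
```

A hit only means the target table was populated from the listed sources; whether any of those sources carries a masking rule still has to be checked in Watson Knowledge Catalog.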
**Affected Product(s)**|**DV Version(s)**|**CPD Version(s)**
—|—|—
IBM Data Virtualization (DV) on Cloud Pak for Data (CPD)| 1.3.0| 2.5.0
IBM Data Virtualization (DV) on Cloud Pak for Data (CPD)| 1.4.1| 3.0.1
IBM Data Virtualization (DV) on Cloud Pak for Data (CPD)| 1.5.0| 3.5, 3.5 Refresh 1 - 9
IBM Data Virtualization (DV) on Cloud Pak for Data (CPD)| 1.7.1 - 1.7.3| 4.0 Refresh 1 - 3
IBM Data Virtualization (DV) on Cloud Pak for Data (CPD)| 1.7.3| 4.0 Refresh 4
**Affected Product(s)**|**DV Version(s)**|**CPD Version(s)**|**Fixes**
—|—|—|—
IBM Data Virtualization (DV) on Cloud Pak for Data (CPD)| 1.3.0| 2.5.0| Upgrade to version 1.5.0 patch version 1.5.0.0-270 (DV) / 3.5 Refresh 10 (CPD)
IBM Data Virtualization (DV) on Cloud Pak for Data (CPD)| 1.4.1| 3.0.1| Upgrade to version 1.5.0 patch version 1.5.0.0-270 (DV) / 3.5 Refresh 10 (CPD)
IBM Data Virtualization (DV) on Cloud Pak for Data (CPD)| 1.5.0| 3.5, 3.5 Refresh 1 - 9| Apply patch version 1.5.0.0-270 (DV) / 3.5 Refresh 10 (CPD)
IBM Data Virtualization (DV) on Cloud Pak for Data (CPD)| 1.7.1 - 1.7.3| 4.0 Refresh 1 - 3| Update to version 1.7.5 (DV) / 4.0 Refresh 5 (CPD)
IBM Data Virtualization (DV) on Cloud Pak for Data (CPD)| 1.7.3| 4.0 Refresh 4| Update to version 1.7.5 (DV) / 4.0 Refresh 5 (CPD)
You must update the Cloud Pak for Data platform to version 4.0 Refresh 5 to install the fix for Data Virtualization.
To update Cloud Pak for Data platform to 4.0 Refresh 5, see the following links:
None