Medium Severity

Security Bulletin: Data masking rules are not enforced when CREATE TABLE AS SELECT statement is executed in IBM Big SQL

March 11, 2022

Share this post:

A software defect in IBM Big SQL prevents data masking rules to be enforced when a user executes CREATE TABLE AS (SELECT …) WITH DATA statement. The newly created table contains unmasked data.

CVE(s): CVE-2022-22353

Affected product(s) and affected version(s):

Affected Product(s)	Big SQL Version(s)	Platform Version(s)
IBM Big SQL on Cloudera Data Platform	7.1.0	Cloudera Data Platform 7.1.3, 7.1.4, 7.1.5, 7.1.7
IBM Big SQL on IBM Cloud Pak for Data	7.1.1	Cloud Pak for Data 3.5, 3.5 Refresh 1 – 9
IBM Big SQL on IBM Cloud Pak for Data	7.2.0 – 7.2.3	Cloud Pak for Data 4.0, 4.0 Refresh 1 – 3
IBM Big SQL on IBM Cloud Pak for Data	7.2.3	Cloud Pak for Data 4.0 Refresh 4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6563021
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/220480

Medium Severity

Security Bulletin: Vulnerabilities in IBM Java Runtime and Golang Go affect IBM Spectrum Protect Server (CVE-2021-35578, CVE-2021-44716, CVE-2021-44717)

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160

May 20, 2022 | Medium Severity

MQ for HPE NonStop Server may be using weaker than expected security due to an algorithmic problem within OpenSSL. ...read more

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager

May 19, 2022 | Medium Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer in both IBM Business Automation Workflow and IBM Business Process Manager. IBM Process Designer has addressed the applicable CVEs. ...read more

Security Bulletin: IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365)

May 19, 2022 | Medium Severity

IBM WebSphere Application Server is vulnerable to spoofing when the Ajax Proxy Web Application (AjaxProxy.war) is deployed. This has been addressed. ...read more

Medium Severity

Security Bulletin: Data masking rules are not enforced when CREATE TABLE AS SELECT statement is executed in IBM Big SQL

Security Bulletin: Vulnerabilities in IBM Java Runtime and Golang Go affect IBM Spectrum Protect Server (CVE-2021-35578, CVE-2021-44716, CVE-2021-44717)

Security Bulletin: Vulnerabilities in IBM Db2 affect IBM Spectrum Protect Server (CVE-2021-38931, CVE-2021-29678, CVE-2021-20373, CVE-2021-39002, CVE-2021-38926)

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160

May 20, 2022 | Medium Severity

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager

May 19, 2022 | Medium Severity

Security Bulletin: IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365)

May 19, 2022 | Medium Severity