Medium Severity

Security Bulletin: Data masking rules are not enforced when CREATE TABLE AS SELECT statement is executed in IBM Data Virtualization on Cloud Pak for Data

Share this post:

There is a defect in IBM Data Virtualization on Cloud Pak for Data where Watson Knowledge Catalog data masking rules will not be enforced when a user executes CREATE TABLE AS (SELECT …) WITH DATA statement successfully. The newly created table will contain unmasked data.

CVE(s): CVE-2021-38971

Affected product(s) and affected version(s):

Affected Product(s) DV Version(s)
CPD Version(s)
IBM Data Virtualization(DV) on Cloud Pak for Data(CPD) 1.3.0 2.5.0
IBM Data Virtualization(DV) on Cloud Pak for Data(CPD) 1.4.1 3.0.1
IBM Data Virtualization(DV) on Cloud Pak for Data(CPD) 1.5.0 3.5, 3.5 Refresh 1 – 9
IBM Data Virtualization(DV) on Cloud Pak for Data(CPD) 1.7.1 – 1.7.3 4.0 Refresh 1 – 3
IBM Data Virtualization(DV) on Cloud Pak for Data(CPD) 1.7.3 4.0 Refresh 4

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6551076
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/212620

More stories

Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160

May 20, 2022 | Medium Severity

MQ for HPE NonStop Server may be using weaker than expected security due to an algorithmic problem within OpenSSL. ...read more


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager

May 19, 2022 | Medium Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer in both IBM Business Automation Workflow and IBM Business Process Manager. IBM Process Designer has addressed the applicable CVEs. ...read more


Security Bulletin: IBM WebSphere Application Server is vulnerable to Spoofing (CVE-2022-22365)

May 19, 2022 | Medium Severity

IBM WebSphere Application Server is vulnerable to spoofing when the Ajax Proxy Web Application (AjaxProxy.war) is deployed. This has been addressed. ...read more