Medium Severity

Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to urllib package in Python3 (CVE-2022-0391)

IBM Netezza for Cloud Pak for Data is vulnerable to an injection attack due to improper input validation by the urllib.parse module in Python 3. The vulnerability is addressed by upgrading Python to version 3.9.7.

CVE(s): CVE-2022-0391

Affected product(s) and affected version(s):

Affected Product(s): IBM Netezza for Cloud Pak for Data
Version(s): 11.2.1.0 – 11.2.1.5

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6611149
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219613
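An added example, not part of the IBM bulletin: a behavioural probe that reports whether the running interpreter's urllib.parse already strips tab, CR and LF from URLs, plus a guard that rejects such URLs outright. The bulletin does not name the characters; tab/CR/LF come from the public description of CVE-2022-0391 and the upstream fix, and the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Characters that fixed versions of urllib.parse remove before splitting a URL.
UNSAFE_URL_CHARS = ("\t", "\r", "\n")


def interpreter_strips_controls() -> bool:
    """Probe the running interpreter: True if urlsplit() drops tab/CR/LF."""
    probe = "http://host.example/a\r\nb\tc"  # constructed probe URL
    rebuilt = urlsplit(probe).geturl()
    return not any(ch in rebuilt for ch in UNSAFE_URL_CHARS)


def safe_urlsplit(url: str):
    """Reject URLs carrying tab/CR/LF instead of relying on silent cleanup.

    Works the same on fixed and unfixed interpreters, so it can be deployed
    ahead of the Python upgrade and kept afterwards as defence in depth.
    """
    found = sorted({repr(ch) for ch in url if ch in UNSAFE_URL_CHARS})
    if found:
        raise ValueError("URL contains control characters: " + ", ".join(found))
    return urlsplit(url)


def audit(urls):
    """Return the subset of urls that safe_urlsplit() refuses."""
    rejected = []
    for url in urls:
        try:
            safe_urlsplit(url)
        except ValueError:
            rejected.append(url)
    return rejected


if __name__ == "__main__":
    samples = [  # constructed inputs
        "https://host.example/report?id=7",
        "https://host.example/a\r\nb",
        "https://host.example/a\tb",
    ]
    print("urlsplit strips tab/CR/LF:", interpreter_strips_controls())
    for bad in audit(samples):
        print("rejected:", repr(bad))
```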
