Critical Severity

Security Bulletin: Multiple vulnerabilities affect IBM Db2 On Openshift, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

Share this post:

IBM has released the below fix for IBM Db2® On Openshift, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components.

CVE(s): CVE-2022-33987, CVE-2021-43138, CVE-2021-44906, CVE-2022-29078, CVE-2022-25647, CVE-2022-28948, CVE-2020-7774, CVE-2022-0536

Affected product(s) and affected version(s):

All platforms of the following IBM® Db2® On Openshift fix pack releases and IBM® Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data refresh levels are affected:

Release Version
IBM® Db2® On Openshift

v11.5.5.0 – v11.5.5.0-cn4
v11.5.5.1  – v11.5.5.1-cn3
v11.5.6.0 – v11.5.6.0-cn5
v11.5.7.0 – v11.5.7.0-cn5

IBM® Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

v3.5 through refresh 10
v4.0 through refresh 9
v4.5

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6610082
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/229246
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/223605
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/222195
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/225116
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/217225
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/226978
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/191999
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219551

More stories

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in MS Visual Studio (CVE-2022-24765).

August 4, 2022 | Critical Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to vulnerable to arbitrary code execution in MS Visual Studio, caused by an uncontrolled search for the Git directory in Git (CVE-2022-24765). Git for Visual Studio is used in the base operating system of IBM Watson Speech. Please read the details for remediation below. ...read more


Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in Perl (CVE-2020-12723).

August 4, 2022 | Critical Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in Perl, caused by recursive S_study_chunk calls in regcomp.c (CVE-2020-12723). This could allow a remote attacker to overflow a buffer and execute arbitrary code on the system. Perl is included in some of the operators used in IBM Watson Speech. Please read the details for remediation below. ...read more


Security Bulletin: IBM Sterling B2B Integrator is affected by a remote code execution in Spring Framework (CVE-2022-22965)

August 3, 2022 | Critical Severity

IBM Sterling B2B Integrator is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Spring Framework is used in the web application. Updated Spring library will be shipped in upcoming fix pack. ...read more