Multiple vulnerabilities in IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data



Published: 2024-02-15
Risk High
Patch available YES
Number of vulnerabilities 81
CVE-ID CVE-2022-4450
CVE-2022-32149
CVE-2021-3711
CVE-2022-1292
CVE-2022-2068
CVE-2023-4807
CVE-2023-0464
CVE-2022-0778
CVE-2023-0215
CVE-2023-29402
CVE-2023-0286
CVE-2021-3712
CVE-2023-2650
CVE-2021-4160
CVE-2022-4304
CVE-2022-2097
CVE-2023-0465
CVE-2023-0466
CVE-2023-29403
CVE-2023-39319
CVE-2022-32221
CVE-2023-24534
CVE-2023-26049
CVE-2023-26048
CVE-2023-32002
CVE-2023-39331
CVE-2023-39332
CVE-2023-38552
CVE-2023-32559
CVE-2023-32006
CVE-2023-24536
CVE-2023-29406
CVE-2023-24538
CVE-2022-3515
CVE-2023-45142
CVE-2023-39323
CVE-2023-29404
CVE-2023-29405
CVE-2023-29409
CVE-2023-39318
CVE-2023-5678
CVE-2022-22576
CVE-2023-50308
CVE-2023-34062
CVE-2023-5676
CVE-2023-22081
CVE-2022-29244
CVE-2021-41190
CVE-2022-48337
CVE-2022-48339
CVE-2023-45193
CVE-2022-36046
CVE-2023-47141
CVE-2023-47152
CVE-2023-47746
CVE-2023-27859
CVE-2023-47747
CVE-2023-47145
CVE-2023-47158
CVE-2023-34054
CVE-2022-3786
CVE-2022-27781
CVE-2021-22947
CVE-2023-28319
CVE-2021-22926
CVE-2021-22946
CVE-2022-27782
CVE-2021-22922
CVE-2022-32206
CVE-2022-27776
CVE-2023-23916
CVE-2023-28320
CVE-2022-3602
CVE-2022-32208
CVE-2023-28321
CVE-2022-43552
CVE-2021-22925
CVE-2021-22923
CVE-2022-35252
CVE-2023-28322
CVE-2022-41717
CWE-ID CWE-415
CWE-400
CWE-119
CWE-78
CWE-20
CWE-835
CWE-416
CWE-94
CWE-843
CWE-125
CWE-399
CWE-310
CWE-208
CWE-311
CWE-347
CWE-254
CWE-264
CWE-79
CWE-440
CWE-22
CWE-354
CWE-644
CWE-190
CWE-295
CWE-287
CWE-200
CWE-754
CWE-327
CWE-345
CWE-319
CWE-303
CWE-611
CWE-770
CWE-662
CWE-457
CWE-522
Exploitation vector Network
Public exploit Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #61 is available.
Public exploit code for vulnerability #73 is available.
Public exploit code for vulnerability #81 is available.
Vulnerable software
Subscribe
DB2 Warehouse on Cloud Pak for Data
Other software / Other software solutions

DB2 on Cloud Pak for Data
Other software / Other software solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 81 vulnerabilities.

1) Double Free

EUVDB-ID: #VU71996

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4450

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the PEM_read_bio_ex() function. A remote attacker can pass specially crafted PEM file to the application, trigger a double free error and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU68897

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32149

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to ParseAcceptLanguage does not properly control consumption of internal resources. A remote attacker can send a specially crafted Accept-Language header that will take a significant time to parse and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU56063

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3711

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in EVP_PKEY_decrypt() function within implementation of the SM2 decryption. A remote attacker can send specially crafted SM2 content for decryption to trigger a buffer overflow by 62 bytes and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) OS Command Injection

EUVDB-ID: #VU62765

Risk: Medium

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-1292

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.


Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) OS Command Injection

EUVDB-ID: #VU64559

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2068

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.

The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU80565

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4807

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the POLY1305 MAC (message authentication code) implementation. A remote attacker can send specially crafted input to the application and corrupt MM registers on Windows 64 platform, resulting in a denial of service condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource exhaustion

EUVDB-ID: #VU73960

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0464

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when verifying X.509 certificate chains that include policy constraints. A remote attacker can create a specially crafted certificate to trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Infinite loop

EUVDB-ID: #VU61391

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-0778

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Use-after-free

EUVDB-ID: #VU71995

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0215

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the BIO_new_NDEF function. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Code Injection

EUVDB-ID: #VU77528

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-29402

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the cgo go command when building code that contains directories with newline characters in their names. A remote attacker can pass specially crafted input to the cgo command at build time and potentially compromise the system.

Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Type Confusion

EUVDB-ID: #VU71992

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0286

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error related to X.400 address processing inside an X.509 GeneralName. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and perform a denial of service (DoS) attack or read memory contents.

In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU56064

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3712

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing ASN.1 strings related to a confusion with NULL termination of strings in array. A remote attacker can pass specially crafted data to the application to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU76651

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2650

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when processing OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS subsystems with no message size limit. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Cryptographic issues

EUVDB-ID: #VU60166

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4160

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to decrypt TLS traffic.

The vulnerability exists due to BN_mod_exp may produce incorrect results on MIPS. A remote attacker can decrypt TLS traffic. According to vendor, multiple EC algorithms are affected, including some of the TLS 1.3 default curves. 

Successful exploitation of the vulnerability requires certain pre-requisites for attack, such as obtaining and  reusing private keys. 

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Information Exposure Through Timing Discrepancy

EUVDB-ID: #VU71993

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4304

CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain sensitive information.

The vulnerability exists due to a timing based side channel exists in the OpenSSL RSA Decryption implementation. A remote attacker can perform a Bleichenbacher style attack and decrypt data sent over the network.

To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Missing Encryption of Sensitive Data

EUVDB-ID: #VU64922

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2097

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation. Under specific circumstances OpenSSL does not encrypt the entire message and can reveal sixteen bytes of data that was preexisting in the memory that wasn't written. A remote attacker can gain access to potentially sensitive information.


Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU74148

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0465

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to an error when validating certificate policies in leaf certificates. A remote attacker that controls a malicious CA server can issue a certificate that will be validated by the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Security features bypass

EUVDB-ID: #VU74149

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0466

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to an error within the X509_VERIFY_PARAM_add0_policy() function, which does not perform the certificate policy check despite being implicitly enabled. A remote attacker can bypass expected security restrictions and perform MitM attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU77529

Risk: Medium

CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-29403

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists within Go runtime due to application allows to execute setuid/setgid binaries without any restrictions. An attacker with ability to control the application flow can execute arbitrary code on the system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Cross-site scripting

EUVDB-ID: #VU80573

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39319

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists within the html/template package caused by improperly applied rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Expected behavior violation

EUVDB-ID: #VU68746

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32221

CWE-ID: CWE-440 - Expected Behavior Violation

Exploit availability: No

Description

The vulnerability allows a remote attacker to force unexpected application behavior.

The vulnerability exists due to a logic error for a reused handle when processing subsequent HTTP PUT and POST requests. The libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request, which used that callback. As a result, such behavior can influence application flow and force unpredictable outcome.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource exhaustion

EUVDB-ID: #VU74571

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-24534

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when parsing HTTP and MIME headers in net/textproto. A remote attacker can cause an HTTP server to allocate large amounts of memory from a small request and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU75217

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-26049

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient input validation when parsing cookies. A remote attacker can send a specially crafted HTTP request with a cookie value that starts with a double quote and force the application to read the cookie string until it sees a closing quote. Such behavior can be used to exfiltrate sensitive values from other cookies.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource exhaustion

EUVDB-ID: #VU75218

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-26048

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing multipart requests in request.getParameter(). A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU79332

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32002

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions for the Module._load() method. A remote attacker can bypass the policy mechanism and include modules outside of the policy.json definition for a given module.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Path traversal

EUVDB-ID: #VU82067

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39331

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to insufficient patch for #VU77594 (CVE-2023-30584). A remote user can send a specially crafted request and read arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Path traversal

EUVDB-ID: #VU82068

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39332

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in paths stored in Uint8Array. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper validation of integrity check value

EUVDB-ID: #VU82069

Risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38552

CWE-ID: CWE-354 - Improper Validation of Integrity Check Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in the policy feature, which checks the integrity of a resource against a trusted manifest. An application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU79335

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32559

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to usage of deprecated API process.binding(). A remote attacker can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') run arbitrary code, outside of the limits defined in a policy.json file.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU79334

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32006

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions for the module.constructor.createRequire() method. A remote attacker can bypass the policy mechanism and include modules outside of the policy.json definition for a given module.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Resource management error

EUVDB-ID: #VU74572

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-24536

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within mime/multipart and net/textproto components when parsing multipart forms. A remote attacker can pass specially crafted request to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper Neutralization of HTTP Headers for Scripting Syntax

EUVDB-ID: #VU78327

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-29406

CWE-ID: CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to improper input validation in HTTP/1 client when handling HTTP Host header. A remote non-authenticated attacker can send a specially crafted HTTP request with a maliciously crafted Host header and inject additional headers or entire requests.

Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Code Injection

EUVDB-ID: #VU74574

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-24538

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in html/template when handling JavaScript templates that contain backticks in code. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary JavaScript code into the Go template.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Integer overflow

EUVDB-ID: #VU68376

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3515

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the CRL parser in libksba. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Resource exhaustion

EUVDB-ID: #VU83546

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-45142

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect processing of HTTP header User-Agent and HTTP method. A remote attacker can send multiple requests with long randomly generated HTTP methods or/and User agents and consume memory resources, leading to a denial of service condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Input validation error

EUVDB-ID: #VU81964

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39323

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when processing line directives (e.g. "//line") in the code. A remote attacker can bypass restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build".

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Code Injection

EUVDB-ID: #VU77530

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-29404

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists within Go runtime when running "go get" on a malicious module, or when running any other
command which builds untrusted code.A remote attacker can inject and execute arbitrary code on the target system at build time when using cgo.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Code Injection

EUVDB-ID: #VU77531

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-29405

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists within Go runtime when running "go get" on a malicious module, or when running any other
command which builds untrusted code.A remote attacker can inject and execute arbitrary code on the target system at build time when using cgo.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper Certificate Validation

EUVDB-ID: #VU78913

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-29409

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to verifying certificate chains containing large RSA keys is slow. A remote attacker can cause a client/server to expend significant CPU time verifying signatures.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Cross-site scripting

EUVDB-ID: #VU80572

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39318

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the html/template package when handling HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Resource management error

EUVDB-ID: #VU82894

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5678

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within DH_generate_key() and DH_check_pub_key() functions. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper Authentication

EUVDB-ID: #VU62640

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22576

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when re-using OAUTH2 connections for SASL-enabled protocols, such as SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). libcurl may reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. As a result, a connection that is successfully created and authenticated with a user name + OAUTH2 bearer can subsequently be erroneously reused even for user + [other OAUTH2 bearer], even though that might not even be a valid bearer.

A remote attacker can exploit this vulnerability against applications intended for use in multi-user environments to bypass authentication and gain unauthorized access to victim's accounts.


Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Input validation error

EUVDB-ID: #VU85745

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-50308

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability occurs when a statement is run on columnar tables. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Path traversal

EUVDB-ID: #VU84037

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34062

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Successful exploitation of the vulnerability requires that Reactor Netty HTTP Server is configured to serve static resources.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Segmentation fault

EUVDB-ID: #VU83267

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5676

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. A local privileged user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper input validation

EUVDB-ID: #VU82141

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22081

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Information disclosure

EUVDB-ID: #VU66698

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29244

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=`). Anyone who has run `npm pack` or `npm publish` inside a workspace, may be affected and have published files into the npm registry they did not intend to include.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Type Confusion

EUVDB-ID: #VU58229

Risk: Low

CVSSv3.1: 2.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-41190

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the system.

The vulnerability exists due to a type confusion error. A remote authenticated attacker can pass specially crafted data to the application, trigger a type confusion error and interpret the resulting content differently.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) OS Command Injection

EUVDB-ID: #VU72573

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48337

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when parsing name of a source-code file in lib-src/etags.c. A remote attacker can trick the victim use the "etags -u *" command on the directory with attacker controlled content and execute arbitrary OS commands on the target system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) OS Command Injection

EUVDB-ID: #VU72575

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48339

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the hfy-istext-command() function when parsing the "file" and "srcdir" parameters, if a file name or directory name contains shell metacharacter. A remote attacker can execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Resource exhaustion

EUVDB-ID: #VU85128

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-45193

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability occurs when a specially crafted cursor is used. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper Check for Unusual or Exceptional Conditions

EUVDB-ID: #VU77517

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-36046

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling. A remote user can send specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Input validation error

EUVDB-ID: #VU85748

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47141

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. An authenticated user with CONNECT privileges can pass specially crafted query to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU85759

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47152

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Input validation error

EUVDB-ID: #VU85760

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47746

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user with CONNECT privileges can pass specially crafted query to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Code Injection

EUVDB-ID: #VU85127

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27859

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to modify data on the system.

The vulnerability exists due to improper input validation. A remote user can install a malicious jar file that overwrites the existing like-named jar file in another database.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Input validation error

EUVDB-ID: #VU85782

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47747

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user with CONNECT privileges can pass specially crafted query to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU85165

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47145

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A local user can trigger the vulnerability to bypass security restrictions and escalate privileges to the SYSTEM user using the MSI repair functionality

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Input validation error

EUVDB-ID: #VU85784

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47158

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user with CONNECT privileges can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Input validation error

EUVDB-ID: #VU83580

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34054

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted HTTP requests to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Buffer overflow

EUVDB-ID: #VU68896

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-3786

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing the email address field length inside a X.509 certificate. A remote attacker can supply a specially crafted certificate to the application, trigger a buffer overflow and crash the application.


Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

62) Infinite loop

EUVDB-ID: #VU63008

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27781

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when handling requests with the CURLOPT_CERTINFO option. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Insufficient verification of data authenticity

EUVDB-ID: #VU56615

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22947

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists in the way libcurl handles the STARTTLS negotiation process. When curl connects to an IMAP, POP3, SMTP or FTP server to exchange data securely using STARTTLS to upgrade the connection to TLS level, the server can still respond and send back multiple responses before the TLS upgrade. Such multiple "pipelined" responses are cached by curl. curl would then upgrade to TLS but not flush the in-queue of cached responses and instead use and trust the responses it got before the TLS handshake as if they were authenticated.

Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.

Over POP3 and IMAP an attacker can inject fake response data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Use-after-free

EUVDB-ID: #VU76233

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28319

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error when checking the SSH sha256 fingerprint. A remote attacker can use the application to connect to a malicious SSH server, trigger a use-after-free error and gain access to potentially sensitive information.

Successful exploitation of the vulnerability requires usage of the the CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 option, and also CURLOPT_VERBOSE or CURLOPT_ERRORBUFFER options have to be set.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper Certificate Validation

EUVDB-ID: #VU55147

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22926

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an error in the CURLOPT_SSLCERT option mixup with TLS library Secure Transport. A remote attacker can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Cleartext transmission of sensitive information

EUVDB-ID: #VU56613

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22946

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error, related to incorrect enforcement of the --ssl-reqd option on the command line or CURLOPT_USE_SSL setting set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl. A remote attacker with control over the IMAP, POP3 or FTP server can send a specially crafted but perfectly legitimate response to the libcurl client and force it silently to continue its operations without TLS encryption and transmit data in clear text over the network.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Incorrect Implementation of Authentication Algorithm

EUVDB-ID: #VU63009

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27782

CWE-ID: CWE-303 - Incorrect Implementation of Authentication Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send authentication string from one resource to another, exposing credentials to a third-party.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) XML External Entity injection

EUVDB-ID: #VU55148

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22922

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied XML input. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Resource exhaustion

EUVDB-ID: #VU64682

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32206

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure processing of compressed HTTP responses. A malicious server can send a specially crafted HTTP response to curl and perform a denial of service attack by forcing curl to spend enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Information disclosure

EUVDB-ID: #VU62644

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27776

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to curl can leak authentication or cookie header data during HTTP redirects to the same host but another port number. When asked to send custom headers or cookies in its HTTP requests, curl sends that set of headers only to the host which name is used in the initial URL, so that redirects to other hosts will make curl send the data to those. However, due to a flawed check, curl wrongly also sends that same set of headers to the hosts that are identical to the first one but use a different port number or URL scheme.

The vulnerability exists due to an incomplete fix for #VU10224 (CVE-2018-1000007).

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU72337

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23916

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect implementation of the "chained" HTTP compression algorithms, where the number of links in the decompression chain was limited for each header instead of the entire request. A remote attacker can send a specially crafted compressed HTTP request with numerous headers and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Improper synchronization

EUVDB-ID: #VU76235

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28320

CWE-ID: CWE-662 - Improper Synchronization

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper synchronization when resolving host names using the alarm() and siglongjmp() function. A remote attacker can force the application to crash by influencing contents of the global buffer.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Buffer overflow

EUVDB-ID: #VU68895

Risk: High

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-3602

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing the email address field inside  X.509 certificate. A remote attacker can supply a specially crafted certificate to the application, trigger a 4-byte buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that either a CA signs the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

74) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU64685

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32208

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform MitM attack and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper certificate validation

EUVDB-ID: #VU76237

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28321

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper certificate validation when matching wildcards in TLS certificates for IDN names. A remote attacker crate a specially crafted certificate that will be considered trusted by the library.

Successful exploitation of the vulnerability requires that curl is built to use OpenSSL, Schannel or Gskit.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Use-after-free

EUVDB-ID: #VU70456

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43552

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error while processing denied requests from HTTP proxies when using SMB or TELNET protocols. A remote attacker can trigger a use-after-free error and crash the application.


Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Use of Uninitialized Variable

EUVDB-ID: #VU55149

Risk: Medium

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22925

CWE-ID: CWE-457 - Use of Uninitialized Variable

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to usage of uninitialized variable in code, responsible for processing TELNET requests when parsing NEW_ENV variables. A remote attacker can force the affected application to connect to a telnet server under attackers control and read up to 1800 bytes from the uninitialized memory on the libcurl client system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Insufficiently protected credentials

EUVDB-ID: #VU55145

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22923

CWE-ID: CWE-522 - Insufficiently Protected Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A remote attacker can gain access to sensitive information on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Input validation error

EUVDB-ID: #VU66881

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-35252

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way curl handles cookies with control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response, effectively allowing a "sister site" to deny service to siblings.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Expected behavior violation

EUVDB-ID: #VU76238

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28322

CWE-ID: CWE-440 - Expected Behavior Violation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a logic error when sending HTTP POST and PUT requests using the same handle. The libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. As a result, the application can misbehave and either send off the wrong data or use memory after free or similar in the second transfer.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU70334

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-41717

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Mitigation

Install update from vendor's website.

Vulnerable software versions

DB2 Warehouse on Cloud Pak for Data: before 4.8.2

DB2 on Cloud Pak for Data: before 4.8.2

CPE2.3
External links

http://www.ibm.com/support/pages/node/7117873


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###