Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5A905D3EDC86F4F0897D89A6B29B26B48EF8ADD7CBA0B8F1AFD6E3A5AF3539E0
HistoryMar 11, 2022 - 8:00 p.m.

Security Bulletin: Data masking rules are not enforced when CREATE TABLE AS SELECT statement is executed in IBM Data Virtualization on Cloud Pak for Data

2022-03-1120:00:25
www.ibm.com
13
ibm cloud pak for data
data virtualization
data masking rules
cve-2021-38971
security bulletin

EPSS

0.001

Percentile

23.7%

JSON

Summary

There is a defect in IBM Data Virtualization on Cloud Pak for Data where Watson Knowledge Catalog data masking rules will not be enforced when a user executes CREATE TABLE AS (SELECT …) WITH DATA statement successfully. The newly created table will contain unmasked data.

Vulnerability Details

CVEID:CVE-2021-38971
**DESCRIPTION:**IBM Data Virtualization on Cloud Pak for Data could allow an authorized user to bypass data masking rules and obtain sensitve information.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212620 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)|**DV Version(s)
**|**CPD Version(s) **
—|—|—
IBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.3.0| 2.5.0
IBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.4.1| 3.0.1
IBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.5.0| 3.5, 3.5 Refresh 1 - 9
IBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.7.1 - 1.7.3| 4.0 Refresh 1 - 3
IBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.7.3| 4.0 Refresh 4

Remediation/Fixes

Affected Product(s)|**DV Version(s)
**|**CPD Version(s) **|**Fixes
**
—|—|—|—
IBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.3.0| 2.5.0|

Upgrade to version 1.5.0 patch version 1.5.0.0-270 (DV) /

3.5 Refresh 10 (CPD)

IBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.4.1| 3.0.1|

Upgrade to version 1.5.0 patch version 1.5.0.0-270 (DV) /

3.5 Refresh 10 (CPD)

IBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.5.0|

3.5,

3.5 Refresh 1 - 9

|

Apply patch version 1.5.0.0-270 (DV) /

3.5 Refresh 10 (CPD)

IBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.7.1 - 1.7.3| 4.0 Refresh 1 - 3|

Update to version 1.7.5 (DV) /

4.0 Refresh 5 (CPD)

IBM Data Virtualization(DV) on Cloud Pak for Data(CPD)| 1.7.3| 4.0 Refresh 4|

Update to version 1.7.5 (DV) /

4.0 Refresh 5 (CPD)

You must update the Cloud Pak for Data platform to version 4.0 Refresh 5 to install the fix for Data Virtualization.

To update Cloud Pak for Data platform to 4.0 Refresh 5, see the following links:

Workarounds and Mitigations

None

Related

nvd 1
cnvd 1
cvelist 1
prion 1
cve 1
nvd
nvd
CVE-2021-38971
2022-03-14 17:15:07
cnvd
cnvd
IBM Data Virtualization on Cloud Pak for Data Information Disclosure Vulnerability
2022-03-16 00:00:00
cvelist
cvelist
CVE-2021-38971
2022-03-14 17:00:21
prion
prion
Design/Logic Flaw
2022-03-14 17:15:00
cve
cve
CVE-2021-38971
2022-03-14 17:15:07

EPSS

0.001

Percentile

23.7%

JSON
Related for 5A905D3EDC86F4F0897D89A6B29B26B48EF8ADD7CBA0B8F1AFD6E3A5AF3539E0
nvd1cnvd1cvelist1prion1cve1