A software defect in IBM Big SQL prevents data masking rules from being enforced when a user executes a CREATE TABLE AS (SELECT …) WITH DATA statement. The newly created table contains unmasked data.
CVEID: CVE-2022-22353
**DESCRIPTION:** IBM Big SQL could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/220480 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Big SQL Version(s) | Platform Version(s)
---|---|---
IBM Big SQL on Cloudera Data Platform| 7.1.0| Cloudera Data Platform 7.1.3, 7.1.4, 7.1.5, 7.1.7
IBM Big SQL on IBM Cloud Pak for Data| 7.1.1| Cloud Pak for Data 3.5, 3.5 Refresh 1 - 9
IBM Big SQL on IBM Cloud Pak for Data| 7.2.0 - 7.2.3| Cloud Pak for Data 4.0, 4.0 Refresh 1 - 3
IBM Big SQL on IBM Cloud Pak for Data| 7.2.3| Cloud Pak for Data 4.0 Refresh 4
Product(s) | Big SQL Version(s) | Platform Version(s) | Remediation/Fix/Instructions |
---|---|---|---|
IBM Big SQL on Cloudera Data Platform | 7.1.0 | Cloudera Data Platform 7.1.3, 7.1.4, 7.1.5, 7.1.7 | Install Big SQL 7.1.0 APAR PH40808 |
IBM Big SQL on IBM Cloud Pak for Data | 7.1.1 | 3.5, 3.5 Refresh 1 - 9 | Install Big SQL 7.1.1 patch 380 |
IBM Big SQL on IBM Cloud Pak for Data | 7.2.0 - 7.2.3 | 4.0, 4.0 Refresh 1 - 3 | Update to version 7.2.5 on Cloud Pak for Data 4.0 Refresh 5 |
IBM Big SQL on IBM Cloud Pak for Data | 7.2.3 | 4.0 Refresh 4 | Update to version 7.2.5 on Cloud Pak for Data 4.0 Refresh 5 |
IBM strongly advises applying the remediation above.
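An added example, not part of IBM's bulletin: a Python triage script that scans a statement history for CREATE TABLE … AS (SELECT …) WITH DATA statements reading from tables that carry masking rules, so that copies created before the fix can be reviewed. The history format (user, session schema, statement text), all table names, and the list of masked tables are assumptions constructed for illustration.

```python
import re

# Statement form named in the bulletin: CREATE TABLE <t> AS (SELECT ...) WITH DATA.
# "WITH NO DATA" copies no rows and is deliberately not matched.
CTAS_RE = re.compile(
    r"^\s*CREATE\s+TABLE\s+(?P<target>[\w.\"]+)\s+AS\s*\(\s*(?P<query>SELECT\b.*)\)"
    r"\s*WITH\s+DATA\s*;?\s*$",
    re.IGNORECASE | re.DOTALL,
)
SOURCE_RE = re.compile(r"\b(?:FROM|JOIN)\s+([\w.\"]+)", re.IGNORECASE)


def qualify(name, schema):
    """Normalise to SCHEMA.TABLE, using the session schema for bare names."""
    name = name.replace('"', "").upper()
    return name if "." in name else f"{schema.upper()}.{name}"


def find_unmasked_copies(history, masked_tables):
    """Return (user, new_table, watched_sources) for each matching CTAS."""
    watched = {t.upper() for t in masked_tables}
    findings = []
    for user, schema, sql in history:
        m = CTAS_RE.match(sql)
        if not m:
            continue
        sources = {qualify(s, schema) for s in SOURCE_RE.findall(m["query"])}
        hits = sorted(sources & watched)
        if hits:
            target = qualify(m["target"], schema)
            findings.append((user, target, hits))
            watched.add(target)  # a copy of a copy is still unmasked data
    return findings


# Constructed sample input (assumed format): (user, session schema, statement).
SAMPLE_HISTORY = [
    ("alice", "HR", "SELECT ssn FROM employees"),
    ("bob", "SCRATCH", "CREATE TABLE emp_copy AS (SELECT * FROM hr.employees) WITH DATA"),
    ("bob", "SCRATCH", "CREATE TABLE shape AS (SELECT * FROM hr.employees) WITH NO DATA"),
    ("carol", "SCRATCH", 'create table c2 as (select e.ssn from "EMP_COPY" e\n'
                         " join hr.depts d on d.id = e.dept) with data;"),
    ("dave", "SALES", "CREATE TABLE t AS (SELECT * FROM orders) WITH DATA"),
]

if __name__ == "__main__":
    for finding in find_unmasked_copies(SAMPLE_HISTORY, {"HR.EMPLOYEES"}):
        print(finding)
```

The matching is regex-based and only recognises table names that directly follow FROM or JOIN, so comma-separated FROM lists and masked data reached through views need a separate check.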