Description

IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.

Related CPE's

a

ibm

big_sql

4

a

cloudera

data_platform

4

a

ibm

cloud_pak_for_data

7

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/220480

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6563021

Vendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-03-14T17:15:07.993

3 years ago

Last modified

2022-03-22T14:40:36.893

3 years ago