SB2025070718 - Multiple vulnerabilities in IBM DB2 Data Management Console

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025070718

SB2025070718 - Multiple vulnerabilities in IBM DB2 Data Management Console

Published: July 7, 2025

Security Bulletin ID SB2025070718
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 80% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Security restrictions bypass (CVE-ID: CVE-2022-23648)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when handling specially crafted image configuration in containerd where containers launched through containerd’s CRI implementation. A remote attacker can bypass any policy-based enforcement on container setup and access the read-only copies of arbitrary files and directories on the host.


2) Resource exhaustion (CVE-ID: CVE-2022-32149)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to ParseAcceptLanguage does not properly control consumption of internal resources. A remote attacker can send a specially crafted Accept-Language header that will take a significant time to parse and perform a denial of service (DoS) attack.


3) Input validation error (CVE-ID: CVE-2022-27664)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


4) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-41721)

The vulnerability allows a remote attacker to perform HTTP/2 request smuggling attacks.

The vulnerability exists due to improper validation of HTTP/2 requests when using MaxBytesHandler. A remote attacker can send a specially crafted HTTP/2 request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


5) Security restrictions bypass (CVE-ID: CVE-2021-43816)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a logic issue, which causes arbitrary files and directories on the host to be relabeled to match the container process label through the use of specially-configured bind mounts in a hostPath volume. A local user can place the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf` and gain read/write access to arbitrary file on the system.

The vulnerability affects containerd installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS.


Remediation

Install update from vendor's website.

References