
CVE-2022-36111: CWE-345: Insufficient Verification of Data Authenticity in codenotary immudb

Medium
Published: Wed Nov 23 2022 (11/23/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: codenotary
Product: immudb

Description

immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that the client SDK accepts, so that the client signs a falsified transaction in place of the genuine one. This situation cannot be triggered by a genuine immudb server, and it requires the client to perform a specific list of verified operations that results in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs; the immudb server itself is not affected. This issue has been patched in version 1.4.1.

AI-Powered Analysis

AI analysis last updated: 06/21/2025, 21:37:59 UTC

Technical Analysis

CVE-2022-36111 affects immudb client SDK versions prior to 1.4.1. immudb is a database that ships with built-in cryptographic proofs: the server returns a proof alongside the result of a verified operation, and the client SDK checks that proof against the state it already trusts before it accepts and signs a new state. The flaw is an instance of CWE-345 (Insufficient Verification of Data Authenticity) on the client side: a malicious server can present a falsified proof that passes the SDK's verification, so the client signs a falsified transaction in place of the genuine one and adopts an invalid state value. A legitimate server cannot trigger the condition; it requires a malicious (or impersonated) server plus a specific sequence of verified operations on the client, which the advisory does not enumerate. The server is not vulnerable; only the client SDKs are. The practical consequence is that the property immudb exists to provide, client-side detection of a tampering server, does not hold for unpatched clients in that scenario. The issue was fixed in version 1.4.1. No exploitation in the wild has been reported to date.
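To make the CWE-345 failure concrete, the following is an added illustration in Go (immudb's implementation language). It is not immudb's code, and it does not reproduce the actual flaw or the operation sequence, which this advisory does not list. It models the client-side invariant the advisory is about: a verifying client must anchor every proof at the state it already holds, never at a value the server supplies. The toy log is a SHA-256 hash chain rather than immudb's real tree structure; the State, Tx and Proof types, the WeakVerify and StrictVerify functions, and the sample transactions are all hypothetical and constructed for this example.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// State is the client's trusted view of the log (illustrative, not immudb's type).
type State struct {
	TxID uint64
	Hash [32]byte
}

// Tx is one appended entry; PrevHash chains it to the entry before it.
type Tx struct {
	ID       uint64
	Payload  []byte
	PrevHash [32]byte
}

// Proof is the server's response: the chain from the client's last verified tx,
// the hash the server *claims* the client held there, and the state to adopt.
type Proof struct {
	StartHash [32]byte
	Txs       []Tx
	NewState  State
}

var ErrInvalidProof = errors.New("proof does not chain from the trusted state")

// TxHash folds tx id, previous hash and payload into the next accumulated hash.
func TxHash(id uint64, prev [32]byte, payload []byte) [32]byte {
	buf := append([]byte(fmt.Sprintf("%016x", id)), prev[:]...)
	return sha256.Sum256(append(buf, payload...))
}

// verifyChain replays txs from (startID, start) and returns the final hash.
func verifyChain(start [32]byte, startID uint64, txs []Tx) ([32]byte, error) {
	cur, id := start, startID
	for _, tx := range txs {
		if tx.ID != id+1 || tx.PrevHash != cur {
			return cur, ErrInvalidProof
		}
		cur, id = TxHash(tx.ID, cur, tx.Payload), tx.ID
	}
	return cur, nil
}

// WeakVerify is the CWE-345 pattern: the chain is self-consistent, but it is anchored
// at the server-supplied StartHash, not the hash the client already trusts.
func WeakVerify(trusted State, p Proof) (State, error) {
	end, err := verifyChain(p.StartHash, trusted.TxID, p.Txs)
	if err != nil || end != p.NewState.Hash {
		return trusted, ErrInvalidProof
	}
	return p.NewState, nil
}

// StrictVerify anchors the replay at the client's own stored hash and adopts
// NewState only if the chain actually reaches it.
func StrictVerify(trusted State, p Proof) (State, error) {
	end, err := verifyChain(trusted.Hash, trusted.TxID, p.Txs)
	if err != nil {
		return trusted, err
	}
	if end != p.NewState.Hash || p.NewState.TxID != trusted.TxID+uint64(len(p.Txs)) {
		return trusted, ErrInvalidProof
	}
	return p.NewState, nil
}

// buildChain appends payloads after `from`; returns the txs and the end state.
func buildChain(from State, payloads ...string) ([]Tx, State) {
	txs, cur := []Tx(nil), from
	for _, pl := range payloads {
		tx := Tx{ID: cur.TxID + 1, Payload: []byte(pl), PrevHash: cur.Hash}
		cur = State{TxID: tx.ID, Hash: TxHash(tx.ID, cur.Hash, tx.Payload)}
		txs = append(txs, tx)
	}
	return txs, cur
}

// Scenario (constructed data): the client trusts the genuine state after tx 2;
// a malicious server rewrites tx 2 and serves tx 3 on top of that fake history.
func Scenario() (weakAcceptsForgery, strictAcceptsForgery, strictAcceptsGenuine bool) {
	_, trusted := buildChain(State{}, "tx1: set a=1", "tx2: set b=2")
	_, fakeTrusted := buildChain(State{}, "tx1: set a=1", "tx2: set b=999")
	fakeTxs, fakeNew := buildChain(fakeTrusted, "tx3: set c=3")
	forged := Proof{StartHash: fakeTrusted.Hash, Txs: fakeTxs, NewState: fakeNew}
	genuineTxs, genuineNew := buildChain(trusted, "tx3: set c=3")
	genuine := Proof{StartHash: trusted.Hash, Txs: genuineTxs, NewState: genuineNew}
	_, werr := WeakVerify(trusted, forged)
	_, serr := StrictVerify(trusted, forged)
	_, gerr := StrictVerify(trusted, genuine)
	return werr == nil, serr == nil, gerr == nil
}

func main() { fmt.Println(Scenario()) } // true false true
```

Running it prints `true false true`: the weak client adopts the forged state because the server's chain is internally consistent, while the strict client rejects it and still accepts the genuine continuation. The lesson for any SDK doing verified reads is that the locally stored state is the only root of trust; everything in the server's reply, including any claimed starting point, is input to be checked, never a substitute for it.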

Potential Impact

For European organizations running immudb client SDK versions prior to 1.4.1, this vulnerability puts at risk the integrity and trustworthiness of transactions recorded or verified through immudb. immudb's value is tamper-evident storage backed by cryptographic proofs; if a malicious server can have the client accept a falsified proof, it can manipulate transaction records or state values without the client detecting it, producing fraudulent data states or unauthorized modifications that the client then signs as genuine. That matters most where immudb backs audit trails, compliance records, or any application in which immutability and authenticity are the point, such as financial services, supply chain management, healthcare, and government record keeping. The impact is on data integrity and non-repudiation, with possible legal, regulatory, or operational consequences if falsified data is treated as genuine. Exploitation requires control of the server the client talks to (or the ability to impersonate it) and a specific client operation sequence, so the attack surface is limited. Availability and confidentiality are not directly affected.

Mitigation Recommendations

European organizations should update every immudb client SDK deployment to version 1.4.1 or later, which is the only complete fix; the advisory does not list the triggering operation sequence, so auditing client code for it is not a reliable substitute for patching. Beyond that, treat the server as untrusted input, which is the threat model immudb is built for: pin the server's identity (TLS with certificate verification or pinning) so an attacker cannot substitute an impersonated server for the genuine one, and use network segmentation and access controls so clients can reach only the immudb servers they are meant to. Protect the client's locally persisted trusted state, since it is the root of trust for all verification; it must not be writable by the server or by anything the server can influence. Alerting on proof-verification failures and on unexpected state changes in the client can surface a server that is feeding inconsistent proofs. Finally, keep immudb within the organization's broader controls for cryptographic key management, software supply chain security (including pinning and reviewing SDK versions), and incident response.


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2022-07-15T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d9849c4522896dcbf6c37

Added to database: 5/21/2025, 9:09:29 AM

Last enriched: 6/21/2025, 9:37:59 PM

Last updated: 8/12/2025, 6:34:37 PM
