Lucene search
+L

9 matches found

ibm
ibm
added 2024/03/14 2:17 p.m.60 views

Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or to denial of service.

Summary IBM Db2 Web Query for i is vulnerable to issues in multiple components. The components are used for multiple purposes in the underlying ibi WebFOCUS base product. The components are vulnerable to a remote attacker bypassing security restrictions CVE-2023-34034 and CVE-2023-44981 and denia...

9.8CVSS8.1AI score0.03465EPSS
Exploits5Affected Software1
ibm
ibm
added 2024/01/03 8:25 p.m.72 views

Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or executing arbitrary code, to a local authenticated attacker obtaining sensitive information, or to denial of service.

Summary Db2 Web Query is vulnerable to issues in multiple components. The components are used for multiple purposes in the underlying ibi WebFOCUS base product. The components are vulnerable to a remote attacker bypassing security restrictions CVE-2023-20860 and CVE-2023-20862, a remote attacker...

9.8CVSS9AI score0.46836EPSS
Exploits5Affected Software1
ibm
ibm
added 2023/07/19 8:29 p.m.86 views

Security Bulletin: IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to SnakeYaml [CVE-2022-1471]

Summary SnakeYaml is a YAML Ain't Markup Language parser used by Db2 Web Query in the underlying WebFOCUS base product. SnakeYaml could allow arbitrary code execution as described in the vulnerability details section. Db2 Web Query has addressed the vulnerability as described in the...

9.8CVSS9.4AI score0.99615EPSS
Exploits8Affected Software5
ibm
ibm
added 2023/02/13 6:25 p.m.118 views

Security Bulletin: IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to Apache Commons Text [CVE-2022-42889]

Summary Db2 Web Query is vulnerable to arbitrary code execution due to Apache Commons Text CVE-2022-42889. Apache Commons Text is used by IBM Db2 Web Query for i for string functionality. The fix includes Apache Commons Text 1.10.0. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache...

9.8CVSS9.9AI score0.99931EPSS
Exploits42Affected Software5
ibm
ibm
added 2022/06/10 5:17 a.m.55 views

Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950).

Summary There are multiple vulnerabilities in Spring Framework CVE-2022-22968, CVE-2022-22965, and CVE-2022-22950 as described in the vulnerability details section. Spring Framework v5.3.8 is used by Db2 Web Query for i for infrastructure support. IBM has addressed the vulnerabilities in Db2 Web...

9.8CVSS9.4AI score0.99677EPSS
Exploits105Affected Software6
ibm
ibm
added 2022/03/30 2:28 p.m.40 views

Security Bulletin: IBM Db2 Web Query for i is vulnerable to denial of service in Apache Commons Compress (CVE-2021-36090), arbitrary code execution in Apache Log4j (CVE-2021-44832), and cross-site scripting in TIBCO WebFOCUS (CVE-2021-35493)

Summary There are vulnerabilities in Apache Commons Compress CVE-2021-36090, Apache Log4j CVE-2021-44832, and TIBCO WebFOCUS CVE-2021-35493 as described in the vulnerability details section. Apache Commons Compress is used by Db2 Web Query for zipping and unzipping objects, such as import and...

9CVSS8.1AI score0.97906EPSS
Exploits9Affected Software6
ibm
ibm
added 2022/01/25 2:48 p.m.70 views

Security Bulletin: Due to use of Apache Log4j, IBM Db2 Web Query for i is vulnerable to arbitrary code execution (CVE-2021-4104, CVE-2022-23302, and CVE-2022-23307) and SQL injection (CVE-2022-23305)

Summary There are multiple vulnerabilities in Apache Log4j CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307 as described in the vulnerability details section. Apache Log4j v1 is used by Db2 Web Query for i for generating logs and diagnostic traces in some of its components. IBM h...

9.8CVSS10.1AI score0.81147EPSS
Exploits10Affected Software6
ibm
ibm
added 2021/12/29 4:41 a.m.48 views

Security Bulletin: A vulnerability in Apache Log4j affects IBM Db2 Web Query for i (CVE-2021-45105)

Summary There is a vulnerability in Apache Log4j as described in the vulnerability details section. Apache Log4j v2.16 is used by Db2 Web Query for i for generating logs and diagnostic traces in some of its components. IBM has addressed the vulnerability in Db2 Web Query for i. Vulnerability...

5.9CVSS1.1AI score0.99999EPSS
Exploits20Affected Software6
ibm
ibm
added 2019/12/18 2:26 p.m.31 views

Security Bulletin: Web Query is affected by the Apache Commons vulnerability (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM® DB2 Web Query for i. Apache is the underlying infrastructure for many java based products, including Web Query. While not part of Web Query itself, it was important to include the...

10CVSS0.6AI score0.97655EPSS
Exploits10Affected Software1
Rows per page
Query Builder