9 matches found
Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or to denial of service.
Summary IBM Db2 Web Query for i is vulnerable to issues in multiple components. The components are used for multiple purposes in the underlying ibi WebFOCUS base product. The components are vulnerable to a remote attacker bypassing security restrictions CVE-2023-34034 and CVE-2023-44981 and denia...
Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or executing arbitrary code, to a local authenticated attacker obtaining sensitive information, or to denial of service.
Summary Db2 Web Query is vulnerable to issues in multiple components. The components are used for multiple purposes in the underlying ibi WebFOCUS base product. The components are vulnerable to a remote attacker bypassing security restrictions CVE-2023-20860 and CVE-2023-20862, a remote attacker...
Security Bulletin: IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to SnakeYaml [CVE-2022-1471]
Summary SnakeYaml is a YAML Ain't Markup Language parser used by Db2 Web Query in the underlying WebFOCUS base product. SnakeYaml could allow arbitrary code execution as described in the vulnerability details section. Db2 Web Query has addressed the vulnerability as described in the...
Security Bulletin: IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to Apache Commons Text [CVE-2022-42889]
Summary Db2 Web Query is vulnerable to arbitrary code execution due to Apache Commons Text CVE-2022-42889. Apache Commons Text is used by IBM Db2 Web Query for i for string functionality. The fix includes Apache Commons Text 1.10.0. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache...
Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950).
Summary There are multiple vulnerabilities in Spring Framework CVE-2022-22968, CVE-2022-22965, and CVE-2022-22950 as described in the vulnerability details section. Spring Framework v5.3.8 is used by Db2 Web Query for i for infrastructure support. IBM has addressed the vulnerabilities in Db2 Web...
Security Bulletin: IBM Db2 Web Query for i is vulnerable to denial of service in Apache Commons Compress (CVE-2021-36090), arbitrary code execution in Apache Log4j (CVE-2021-44832), and cross-site scripting in TIBCO WebFOCUS (CVE-2021-35493)
Summary There are vulnerabilities in Apache Commons Compress CVE-2021-36090, Apache Log4j CVE-2021-44832, and TIBCO WebFOCUS CVE-2021-35493 as described in the vulnerability details section. Apache Commons Compress is used by Db2 Web Query for zipping and unzipping objects, such as import and...
Security Bulletin: Due to use of Apache Log4j, IBM Db2 Web Query for i is vulnerable to arbitrary code execution (CVE-2021-4104, CVE-2022-23302, and CVE-2022-23307) and SQL injection (CVE-2022-23305)
Summary There are multiple vulnerabilities in Apache Log4j CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307 as described in the vulnerability details section. Apache Log4j v1 is used by Db2 Web Query for i for generating logs and diagnostic traces in some of its components. IBM h...
Security Bulletin: A vulnerability in Apache Log4j affects IBM Db2 Web Query for i (CVE-2021-45105)
Summary There is a vulnerability in Apache Log4j as described in the vulnerability details section. Apache Log4j v2.16 is used by Db2 Web Query for i for generating logs and diagnostic traces in some of its components. IBM has addressed the vulnerability in Db2 Web Query for i. Vulnerability...
Security Bulletin: Web Query is affected by the Apache Commons vulnerability (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM® DB2 Web Query for i. Apache is the underlying infrastructure for many java based products, including Web Query. While not part of Web Query itself, it was important to include the...