Security Bulletin: Due to use of Apache Log4j, IBM Db2 Web Query for i is vulnerable to arbitrary code execution (CVE-2021-4104, CVE-2022-23302, and CVE-2022-23307) and SQL injection (CVE-2022-23305)

There are multiple vulnerabilities in Apache Log4j (CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307) as described in the vulnerability details section. Apache Log4j v1 is used by Db2 Web Query for i for generating logs and diagnostic traces in some of its components. IBM has addressed the vulnerability in Db2 Web Query for i by upgrading to Apache Log4j 2.17.