Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or executing arbitrary code, to a local authenticated attacker obtaining sensitive information, or to denial of service.

​Db2 Web Query is vulnerable to issues in multiple components. The components are used for multiple purposes in the underlying ibi WebFOCUS base product. The components are vulnerable to a remote attacker bypassing security restrictions (CVE-2023-20860 and CVE-2023-20862), a remote attacker executing arbitrary code on the system (CVE-2017-15708), denial of service attacks (CVE-2023-1370, CVE-2023-20861, CVE-2023-20863, CVE-2023-24998) and a local authenticated attacker obtaining sensitive information (CVE-2022-41946). Db2 Web Query has addressed the vulnerabilities as described in the remediation/fixes section. Read More