Critical Severity

Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950).

Share this post:

There are multiple vulnerabilities in Spring Framework (CVE-2022-22968, CVE-2022-22965, and CVE-2022-22950) as described in the vulnerability details section. Spring Framework v5.3.8 is used by Db2 Web Query for i for infrastructure support. IBM has addressed the vulnerabilities in Db2 Web Query for i by upgrading to Spring Framework v5.3.19.

CVE(s): CVE-2022-22968, CVE-2022-22965, CVE-2022-22950

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Db2 Web Query for i 2.3.0
IBM Db2 Web Query for i 2.2.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6593861
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/224374
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/223103
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/223096

More stories

Security Bulletin: IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]

September 30, 2022 | Critical Severity

IBM Case Manager is affected but not classified as vulnerable to a remote code execution in Spring Framework [CVE-2022-22965]. To be vulnerable a product must meet all of the following criterias: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. Cloud connector service if enabled will use only the spring, as in a client to make only the REST calls with IBM Cloud Mangement Console. The fix includes Spring 5.3.18. IBM Case Manager doesn't meet all of the criterias and, therefore, is not vulnerable. ...read more


Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

September 23, 2022 | Critical Severity

There are multiple vulnerabilities in Curl that affect PowerSC. ...read more


Security Bulletin: A security vulnerability has been identified in Postgresql shipped with IBM Tivoli Netcool Impact (CVE-2022-26520, CVE-2022-21724, 220313)

September 21, 2022 | Critical Severity

Postgresql is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Postgresql has been published in a security bulletin. ...read more