IBM Retired Db2 Web Query; It’s Time You Did, Too
February 5, 2024 Bill Langston
Just as you were returning to work to begin the new year, IBM published a security bulletin alerting Db2 Web Query customers that the software is “vulnerable to a remote attacker bypassing security restrictions or executing arbitrary code, to a local authenticated attacker obtaining sensitive information, or to denial of service.” The Four Hundred reported on the vulnerability in detail here.
The security bulletin only references release 2.4.0 of the now withdrawn Db2 Web Query software, but we suspect that is only because IBM doesn’t test unsupported releases. We believe the security vulnerabilities listed in the bulletin also exist …
Read more