× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2024

RE: DB2 Web Query Security Bulletin

For anyone with Web Query and not on 2.4

From IBM:

Note that release 230 is out of support since October 31. Based on the response from development I would suggest an update to 240.

Development's response is as follows:
IBM does not assess out-of-support releases for vulnerabilities. General experience across many products has been that most vulnerabilities found in the oldest supported release are also applicable to the prior out-of-support release. You should proceed with the expectation that statement is applicable for Web Query.

Greg

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Greg Wilburn
Sent: Wednesday, January 3, 2024 4:34 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: [EXTERNAL] DB2 Web Query Security Bulletin

I just received this security alert from IBM. The CVSS scores are very, very high.
https://www.ibm.com/support/pages/node/7105215?myns=swgother&mynp=OCSWG60&mync=E&cm_sp=swgother-_-OCSWG60-_-E

However, it only mentions version 2.4. Since IBM is dropping support, we didn't upgrade to 2.4 (we're on v2.3). In fact, an insider said I should just stay where I'm at when we heard the news they were dropping it.

I can't imagine that only version 2.4 has the issue... The language in the alert is very odd:

Affected Products and Versions
Affected Product(s)
Version(s)
IBM Db2 Web Query for i
2.4.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Release 2.4.0 is supported and can be fixed by applying Program Temporary Fixes (PTFs) to the IBM i.

The PTF numbers containing the fix for this vulnerability are in the following table.
IBM Db2 Web Query for i Release
IBM i Release
5733WQX Group PTF - Level to apply for remediation
2.4.0
7.5
SF99673 - 03<https://www.ibm.com/support/pages/sf99673-750-db2-web-query-i-v240-level-3>
7.4
SF99672 - 03<https://www.ibm.com/support/pages/sf99672-740-db2-web-query-i-v240-level-3>

[Logo]<https://www.totalbizfulfillment.com/> Greg Wilburn
Director of IT
301.895.3792 ext. 1231
301.895.3895 direct
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx<mailto:gwilburn@xxxxxxxxxxxxxxxxxxxxxxx>
1 Corporate Dr
Grantsville, MD 21536
www.totalbizfulfillment.com<http://www.totalbizfulfillment.com>
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.




[CAUTION! This email originated outside of the organization. Please do not open attachments or click links from an unknown or suspicious origin.]


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.