First published: Wed Jun 03 2009(Updated: )
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ibm Db2 | =8.0-fp11 | |
Ibm Db2 | =8.0-fp10 | |
Ibm Db2 | =9.1-fp4 | |
Ibm Db2 | =9.1-fp1 | |
Ibm Db2 | =9.5-fp1 | |
Ibm Db2 | =8.0-fp16 | |
Ibm Db2 | =9.1-fp3 | |
Ibm Db2 | =9.1-fp3a | |
Ibm Db2 | =8.0-fp14 | |
Ibm Db2 | =8.0-fp1 | |
Ibm Db2 | =9.1-fp2 | |
Ibm Db2 | =9.1-fp4a | |
Ibm Db2 | =8.0-fp13 | |
Ibm Db2 | =8.0-fp12 | |
Ibm Db2 | =8.0-fp15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.