Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote malicious users to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm db2 8.1 |