IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm db2 8.0 |
||
ibm db2 9.1 |
||
ibm db2 9.5 |