VULHUB ™

IBM DB2 is reported prone to a vulnerability allowing attackers to create and disclose arbitrary files on an affected computer. This issue may allow an attacker to corrupt data, disclose sensitive information and ultimately execute arbitrary code on a vulnerable computer. It is reported that this issue can be exploited by employing XML functions supplied with DB2 that allow users to create, overwrite, and disclose arbitrary files with the permissions of the DB2 server. The attacker must have a database connection to exploit this issue. A successful attack can result in a complete compromise of the computer or the database. This issue appears to correspond to one of the unspecified vulnerabilities announced in BID 11327.

IBM DB2 is reported prone to a vulnerability allowing attackers to create and disclose arbitrary files on an affected computer. This issue may allow an attacker to corrupt data, disclose sensitive information and ultimately execute arbitrary code on a vulnerable computer. It is reported that this issue can be exploited by employing XML functions supplied with DB2 that allow users to create, overwrite, and disclose arbitrary files with the permissions of the DB2 server. The attacker must have a database connection to exploit this issue. A successful attack can result in a complete compromise of the computer or the database. This issue appears to correspond to one of the unspecified vulnerabilities announced in BID 11327.