This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
The remote database server is affected by multiple issues.
According to its version, the installation of DB2 9.7 on the remote
host is older than Fix Pack 3. Such versions are affected by one or
more of the following issues :
- When privileges on a database object are revoked from
PUBLIC, the dependent functions are not marked INVALID.
As a result, users with execute privilege on the
function are still able to call it successfully.
- If a compound SQL (compiled) statement has been issued
by a user that is properly authorized, this is cached in
the dynamic SQL cache. Once cached, this same query can
be executed by any user if that user has the proper
- Multiple vulnerabilities in 'db2dasrrm' component could
allow arbitrary code execution. (IC70539 / IC72029)
See also :
Apply DB2 Version 9.7 Fix Pack 3 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false