This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote database server is affected by multiple issues.
According to its version, the installation of DB2 10.1 on the remote
host is affected by one or more of the following issues :
- An error exists in the stored procedure
'SQLJ.DB2_INSTALL_JAR' that can allow unauthorized
replacement of Jar files. Note this vulnerability only
affects the Windows platform. (#IC84716 / CVE-2012-2194)
- An error exists in the stored procedures
'GET_WRAP_CFG_C' and 'GET_WRAP_CFG_C2' that can allow
unauthorized reading of XML files.
(#IC84751 / CVE-2012-2196)
- A stack-based buffer overflow exists in the Java
stored procedure infrastructure.
(#IC84755 / CVE-2012-2197)
- An error exists in the 'UTL_FILE' module that can allow
read, write and delete access to files outside the
intended directory. Note this vulnerability only
affects the Windows platform. (#IC85513 / CVE-2012-3324)
See also :
Apply DB2 Version 10.1 Fix Pack 1 or later.
Risk factor :
High / CVSS Base Score : 8.5
CVSS Temporal Score : 7.4
Public Exploit Available : true