Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.
http://www.vupen.com/english/advisories/2008/0401
http://www.securityfocus.com/archive/1/491075/100/0/threaded
http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml
http://secunia.com/advisories/29784
http://secunia.com/advisories/29022
http://secunia.com/advisories/28771
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ10917
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06973
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972
Source: Mitre, NVD
Published: 2008-02-12
Updated: 2026-06-16
Base Score: 9
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
Severity: High
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.08004