IBM DB2 10.5.x < 10.5.500.109 Information Disclosure (credentialed check)
Medium Nessus Plugin ID 84021
SynopsisThe remote database server is affected by an information disclosure vulnerability.
DescriptionThe version of IBM DB2 installed on the remote host is affected by an information disclosure vulnerability due to an unspecified flaw in the monitoring and audit features. A remote, authenticated attacker can exploit this flaw, via a crafted series of commands, to view passwords in SQL statements containing ENCRYPT/DECRYPT UDFs or federated DDL statements.
SolutionInstall APAR IT07554 per the vendor advisory.