IBM DB2 9.7.x < 9.7.1000.568 Information Disclosure (credentialed check)
Medium Nessus Plugin ID 84022
SynopsisThe remote database server is affected by an information disclosure vulnerability.
DescriptionThe version of IBM DB2 installed on the remote host is affected by an information disclosure vulnerability due to an unspecified flaw in the monitoring and audit features. A remote, authenticated attacker can exploit this flaw, via a crafted series of commands, to view passwords in SQL statements containing ENCRYPT/DECRYPT UDFs or federated DDL statements.
SolutionInstall APAR IT07547 per the vendor advisory.