Team SHATTER Security Advisory: XML file disclosure vulnerability via GET_WRAP_CFG_C and GET_WRAP_CFG_C2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory XML file disclosure vulnerability via GETWRAPCFGC and GETWRAPCFGC2 system stored procedures. Risk Level: Medium Affected versions: IBM DB2 LUW 9.1, 9.5, 9.7, 10.1 Remote exploitable: No Credits: This...

IBM DB2 9.7 < Fix Pack 7 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 9.7 running on the remote host is prior to Fix Pack 7. It is, therefore, affected by one or more of the following issues : - An error exists related to the stored procedure 'SQLJ.DB2INSTALLJAR' that can allow 'JAR' files to be overwritten. Not...

IBM DB2 10.1 < Fix Pack 1 Multiple Vulnerabilities

According to its version, the installation of DB2 10.1 running on the remote host is affected by one or more of the following issues : - An error exists in the stored procedure 'SQLJ.DB2INSTALLJAR' that can allow unauthorized replacement of Jar files. Note this vulnerability only affects the...

CVE-2012-2196

CVE-2012-2196 affects IBM DB2 LUW 9.1 (before FP12), 9.5 (through FP9), 9.7 (through FP6), 9.8 (through FP5), and 10.1 (through FP1). Affected routines GET_WRAP_CFG_C and GET_WRAP_CFG_C2 allow an authenticated user, without proper authority, to read XML files accessible to the DB2 fenced ID. Impa...