Security Bulletin: IBM DB2 Security Vulnerability in the UTL_FILE module (CVE-2012-3324)
Vulnerability in IBM DB2 could allow an authenticated user, without proper authorization, to view, modify and delete any file.
Affected product(s): IBM DB2 V10.1 on Windows
IBM® DB2® 10.1 Express Edition
IBM® DB2® 10.1 Workgroup Server Edition
IBM® DB2® 10.1 Enterprise Server Edition
IBM® DB2® 10.1 Advanced Enterprise Server Edition
IBM® DB2® Connect™ 10.1 Application Server Edition
IBM® DB2® Connect™ 10.1 Enterprise Edition
IBM® DB2® Connect™ 10.1 Unlimited Edition for System i®
IBM® DB2® Connect™ 10.1 Unlimited Edition for System z®
Refer to the following reference URLs for remediation and additional vulnerability details.
X-Force Database: http://xforce.iss.net/xforce/xfdb/77924