Security Bulletin: Open Redirect and Cross-Site Scripting Vulnerabilities in the locally installable IBM DB2 Information Center (CVE-2012-2159, CVE-2012-2161, CVE-2013-0467)
The IBM DB2 Information Center package gives you local access to DB2 documentation on a local or intranet system. Some scripts in the help system, used by DB2 Information Center, are vulnerable to open redirect, or cross-site scripting attacks.
This security bulletin only applies to the installed (local or intranet system) DB2 Information Center. If you don't have a DB2 Information Center installed on a local or intranet system, then this security bulletin is not applicable.
The following locally installed IBM DB2 Information Center editions running on Linux, and Windows are affected by this security bulletin:
Refer to the following reference URLs for remediation and additional vulnerability details.