CVE-2008-2154: IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to…

medium6CVSS 3.1

AVNACMAuSCPIPAP

IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls.

Affected

3 ranges

Vendor	Product	Version range	Fixed in
ibm	db2	—	—
ibm	db2	—	—
ibm	db2	—	—