CVE-2013-6744

Name of the Vulnerable Software and Affected Versions IBM DB2 versions 9.5, 9.7 before FP9a, 10.1 before FP3a, 10.5 before FP3a

Description The issue allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE EXTERNAL ROUTINE authority in the Stored Procedure infrastructure on Windows.

Recommendations For IBM DB2 version 9.5, update to a version that includes the necessary security fixes. For IBM DB2 version 9.7, apply FP9a or later to resolve the issue. For IBM DB2 version 10.1, apply FP3a or later to resolve the issue. For IBM DB2 version 10.5, apply FP3a or later to resolve the issue.