CVE-2005-4871

Name of the Vulnerable Software and Affected Versions: IBM DB2 version 8.1

Description: The issue allows remote attackers to create or overwrite files via XML functions such as XMLFileFromVarchar or XMLFileFromClob, or read files via XMLVarcharFromFile or XMLClobFromFile, due to certain XML functions running with the privileges of DB2 instead of the logged-in user.

Recommendations: For IBM DB2 version 8.1, consider restricting access to the XML functions XMLFileFromVarchar, XMLFileFromClob, XMLVarcharFromFile, and XMLClobFromFile to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.