Total vulnerabilities in the database
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.
| Software | From | Fixed in |
|---|---|---|
| ibm / db2 | 8.0-fp11 | 8.0-fp11.x |
| ibm / db2 | 8.0-fp3 | 8.0-fp3.x |
| ibm / db2 | 8.0-fp10 | 8.0-fp10.x |
| ibm / db2 | 8.0-fp9 | 8.0-fp9.x |
| ibm / db2 | 8.0-fp7b | 8.0-fp7b.x |
| ibm / db2 | 8.0-fp6a | 8.0-fp6a.x |
| ibm / db2 | 8.0-fp9a | 8.0-fp9a.x |
| ibm / db2 | 8.0-fp4 | 8.0-fp4.x |
| ibm / db2 | 8.0-fp8 | 8.0-fp8.x |
| ibm / db2 | 8.0-fp14 | 8.0-fp14.x |
| ibm / db2 | 8.0-fp2 | 8.0-fp2.x |
| ibm / db2 | 8.0-fp1 | 8.0-fp1.x |
| ibm / db2 | 8.0-fp5 | 8.0-fp5.x |
| ibm / db2 | 8.0-fp6c | 8.0-fp6c.x |
| ibm / db2 | 8.0-fp13 | 8.0-fp13.x |
| ibm / db2 | 8.0-fp8a | 8.0-fp8a.x |
| ibm / db2 | 8.0-fp12 | 8.0-fp12.x |
| ibm / db2 | 8.0-fp6b | 8.0-fp6b.x |
| ibm / db2 | 8.0-fp15 | 8.0-fp15.x |
| ibm / db2 | 8.0-fp7 | 8.0-fp7.x |
| ibm / db2 | 8.0-fp7a | 8.0-fp7a.x |
| ibm / db2 | 8.0-fp6 | 8.0-fp6.x |
| ibm / db2 | 9.1-fp3a | 9.1-fp3a.x |
| ibm / db2 | 9.1-fp1 | 9.1-fp1.x |
| ibm / db2 | 9.1-fp2 | 9.1-fp2.x |
| ibm / db2 | 9.1-fp3 | 9.1-fp3.x |
| ibm / db2 | 9.1-fp4 | 9.1-fp4.x |
| ibm / db2 | 9.5 | 9.5.x |