IBM plugged a security flaw in IBM's DB2 Universal Database this week.
The vulnerability, which could allow people already with access to the database to elevate their privileges, is only found in DB2 Universal Database for Linux, Windows and Unix, IBM said in a security advisory. Specifically, DB2 Universal Database version 8.1.4 through 8.1.9 and version 8.2.0 through 8.2.2 are affected.
The following products have the flaw: DB2 UDB Enterprise Server Edition, DB2 UDB Workgroup Server (all Editions), DB2 UDB Express Server (all Editions) and DB2 UDB Personal Edition.
According to the French Security Incident Response Team, a security research firm, the flaw could allow database users access to insert, update or delete contents of certain tables even if they don't have the privileges to do so. The flaw's potential for widespread exploit by something like a worm or malicious hackers is virtually nil because it cannot be remotely exploited by attackers.
Companies should, however, consider patching their systems sooner rather than later. IBM has created a fix for the flaw. Users would need to install a FixPak. To determine, whether you are affected or to download the proper FixPak, click here.