CVE-2008-0699
Description
Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unspecified vulnerability in IBM DB2 UDB ADMIN_SP_C procedure allows remote authenticated users to execute arbitrary code.
Vulnerability
The vulnerability resides in the ADMIN_SP_C stored procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 Universal Database. It affects versions prior to 8.2 Fixpak 16, 9.1 before Fixpak 4a, and 9.5 before Fixpak 1 [1]. The exact cause is unspecified but can be triggered by remote authenticated users.
Exploitation
An attacker must have authenticated access to the DB2 instance. Using unspecified attack vectors, the attacker can call the ADMIN_SP_C procedure to trigger the vulnerability [1]. No further details are provided in the available references.
Impact
Successful exploitation allows the attacker to execute arbitrary code on the database server. The impact includes complete compromise of the DB2 system, as arbitrary code execution can lead to data disclosure, modification, or denial of service [1].
Mitigation
IBM released fixes: upgrade to DB2 8.2 Fixpak 16, 9.1 Fixpak 4a, or 9.5 Fixpak 1 or later [1]. No workarounds are documented. Apply the appropriate patch to prevent exploitation.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
25cpe:2.3:a:ibm:db2:8.2:fp1:*:*:*:*:*:*+ 23 more
- cpe:2.3:a:ibm:db2:8.2:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp10:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp11:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp12:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp13:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp14:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp15:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp16:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp2:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp4:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp5:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp6:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp7:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp8:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:8.2:fp9:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp2:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp3:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp3a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1:fp4:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- www-1.ibm.com/support/docview.wssnvdPatchVendor Advisory
- www-1.ibm.com/support/docview.wssnvdPatchVendor Advisory
- www-1.ibm.com/support/docview.wssnvdPatchVendor Advisory
- ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXTnvdVendor Advisory
- secunia.com/advisories/28771nvdThird Party Advisory
- secunia.com/advisories/29022nvdThird Party Advisory
- secunia.com/advisories/29784nvdThird Party Advisory
- www.appsecinc.com/resources/alerts/db2/2008-02.shtmlnvdThird Party Advisory
- www.securityfocus.com/archive/1/491075/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2008/0401nvdThird Party Advisory
- osvdb.org/41795nvdBroken Link
News mentions
0No linked articles in our index yet.