The host has IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, or 10.1 installed and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to properly handle the SQLJ.DB2_INSTALL_JAR stored procedure. Successful exploitation allows remote attackers to replace JAR files via unspecified vectors.