IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control.Referenceshttps://www.ibm.com/support/pages/node/7279479