IBM says there is no workaround for the flaw and that if users don't apply the patch their system "is susceptible to a security vulnerability," according to a statement currently posted on IBM's Web site.
IBM says the flaw could allow local users to write to, or alter, any file on a company's system.
The same vulnerability exists in DB2 version 8, IBM cautions. However, a fix for that version won't be available until April, IBM says.
Released back in June 2006, DB2 9 is touted as an improvement over previous versions as it was designed as more of a self-governing, self-fixing database system that can self-tune the amount of memory assigned to a database.