Information
The table function SYSPROC.AUTH_LIST_GROUPS_FOR_AUTHID returns the groups for the specified authorization ID. In a non-restrictive database, this table function has EXECUTE granted to PUBLIC. It is recommended that PUBLIC not be able to execute this routine.
Rationale:
A malicious user may use this function to conduct information gathering regarding the groups that users belong to.
Solution
Perform the following to revoke access from PUBLIC.
Connect to the Db2 database.
db2 => connect to <dbname>
Run the following command:
db2 => revoke EXECUTE on function SYSPROC.AUTH_LIST_GROUPS_FOR_AUTHID from public RESTRICT
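To confirm the result, the following query is an added example (not part of the original recommendation) that checks the catalog for any EXECUTE privilege PUBLIC still holds on SYSPROC.AUTH_LIST_GROUPS_FOR_AUTHID. It assumes the connected user can read the SYSCAT.ROUTINEAUTH and SYSCAT.ROUTINES catalog views.

```sql
-- Added example: audit query for EXECUTE held by PUBLIC on
-- SYSPROC.AUTH_LIST_GROUPS_FOR_AUTHID.
-- Any row returned means PUBLIC can still execute the function;
-- an empty result means the privilege is no longer held by PUBLIC.
SELECT a.GRANTEE,
       a.GRANTEETYPE,      -- 'G' = group (PUBLIC), 'U' = user, 'R' = role
       a.EXECUTEAUTH,      -- 'Y' = held, 'G' = held and grantable
       a.SPECIFICNAME,     -- NULL = grant covers all functions in the schema
       a.GRANTOR,
       a.GRANT_TIME
FROM   SYSCAT.ROUTINEAUTH a
WHERE  a.SCHEMA      = 'SYSPROC'
  AND  a.ROUTINETYPE = 'F'
  AND  a.GRANTEE     = 'PUBLIC'
  AND  a.EXECUTEAUTH IN ('Y', 'G')
  AND  (
         -- Schema-wide grant on all functions in SYSPROC
         a.SPECIFICNAME IS NULL
         -- Grant on this function, matched by routine name because the
         -- specific name can differ from the routine name
         OR a.SPECIFICNAME IN (
              SELECT r.SPECIFICNAME
              FROM   SYSCAT.ROUTINES r
              WHERE  r.ROUTINESCHEMA = 'SYSPROC'
                AND  r.ROUTINENAME   = 'AUTH_LIST_GROUPS_FOR_AUTHID'
            )
       );
```

Run the same query before the revoke to record the starting state, and again afterwards to verify the change.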