Information
The SYSCAT.STATEMENTS contains all SQL statements of a compiled package. It is recommended that the PUBLIC role be restricted from accessing this view.
PUBLIC should not have access to the source code or the SQL statements of a database package. This could lead to an exploit.
Solution
Perform the following to revoke access from PUBLIC.
1. Connect to the DB2 database.
db2 => connect to $DB2INSTANCE user $USERNAME using $PASSWORD
2. Run the following command from the DB2 command window:
db2 => REVOKE SELECT ON SYSCAT.STATEMENTS FROM PUBLIC