CVE-2012-2194

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-2194
Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://secunia.com/advisories/49919
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716
http://www-01.ibm.com/support/docview.wss?uid=swg21600837
http://www.securityfocus.com/bid/54487
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.2:a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.3:a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.4:a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.6:a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.7:a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.1.0.11:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5.0.2:a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5.0.3:a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5.0.3:b:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5.0.4:a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5.0.6:a:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.5.0.9:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
History

No history.

Information

Published : 2012-07-25 10:42

Updated : 2023-12-10 11:16

NVD link : CVE-2012-2194

Mitre link : CVE-2012-2194

CVE.ORG link : CVE-2012-2194

JSON object : View

Products Affected

ibm

  • db2
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')