CVE-2012-3324

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-3324
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.

9.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21611040 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/77924
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2012-09-25 20:55

Updated : 2017-08-29 01:31

NVD link : CVE-2012-3324

Mitre link : CVE-2012-3324

CVE.ORG link : CVE-2012-3324

JSON object : View

Products Affected

ibm

  • db2
  • db2_connect

microsoft

  • windows_vista
  • windows_xp
  • windows_7
  • windows_2003_server
  • windows_2000
  • windows_server_2008
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')