Lucene search

[email protected]CVE-2012-3324

HistorySep 25, 2012 - 8:55 p.m.

CVE-2012-3324

2012-09-2520:55:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2012-3324

nvd

utl_file module

ibm db2

db2 connect

directory traversal

windows

authenticated users

file modification

file deletion

file reading

8.7 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

60.4%

JSON

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.

CPENameOperatorVersion
ibm:db2ibm db2eq*
ibm:db2_connectibm db2 connecteq10.1

CPE	Name	Operator	Version
ibm:db2	ibm db2	eq	*
ibm:db2_connect	ibm db2 connect	eq	10.1

References

www-01.ibm.com/support/docview.wss?uid=swg1IC85513

www-01.ibm.com/support/docview.wss?uid=swg21611040

exchange.xforce.ibmcloud.com/vulnerabilities/77924

8.7 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

60.4%

JSON

Related for CVE-2012-3324

prion1 ubuntucve1 ibm3 openvas1 cvelist1 nessus1