Directory Traversal Vulnerability in IBM DB2 and DB2 Connect
CVE-2012-3324

Currently unrated

Key Information:

Vendor: IBM
Status: Db2; Db2 Connect
Vendor: CVE Published:; 25 September 2012

Summary

The directory traversal vulnerability in the UTL_FILE module of IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to gain unauthorized access to the system. By manipulating the file field in pathnames, an attacker can potentially read, modify, or delete arbitrary files on the server, posing significant risks to data security and integrity. Prompt updates and security measures are necessary to mitigate exposure to this vulnerability.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21611040

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/77924

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Sep 25, 2012
Vulnerability Reserved
Jun 7, 2012