CVE-2012-2196Sensitive Information Exposure in IBM DB2

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.6%
top 29.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2
Timeline
PublishedJul 25
Latest updateMay 17

Description

IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/db234 versions+33

🔴Vulnerability Details

2
GHSA
GHSA-wpq2-5ph9-v4r3: IBM DB2 92022-05-17
CVEList
CVE-2012-2196: IBM DB2 92012-07-25
CVE-2012-2196 — Sensitive Information Exposure in IBM | cvebase