CVE-2012-3324

CWE-22Path Traversal3 documents3 sources
Severity
9.0CRITICAL
EPSS
0.8%
top 25.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM DB2 Connect
Timeline
PublishedSep 25
Latest updateMay 17

Description

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

NVDibm/db2_connect10.1

🔴Vulnerability Details

2
GHSA
GHSA-5v8q-7pvx-r4g5: Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 102022-05-17
CVEList
CVE-2012-3324: Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 102012-09-25
CVE-2012-3324 (CRITICAL CVSS 9) | Directory traversal vulnerability i | cvebase.io