Vulnerability Description
Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 | 9.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/49919
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716
- http://www-01.ibm.com/support/docview.wss?uid=swg21600837
- http://www.securityfocus.com/bid/54487
- http://secunia.com/advisories/49919
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716
- http://www-01.ibm.com/support/docview.wss?uid=swg21600837
FAQ
What is CVE-2012-2194?
CVE-2012-2194 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replac...
How severe is CVE-2012-2194?
CVE-2012-2194 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2194?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2.