Vulnerability Description
IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 | 9.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/49919
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84712Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84748
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84750
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84751Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21600837
- http://www.securityfocus.com/bid/54487
- http://secunia.com/advisories/49919
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84712Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84748
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84750
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84751Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21600837
FAQ
What is CVE-2012-2196?
CVE-2012-2196 is a vulnerability with a CVSS score of 5.0 (MEDIUM). IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored proced...
How severe is CVE-2012-2196?
CVE-2012-2196 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2196?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2.