Vulnerability Description
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Db2 | All versions |
| Ibm | Db2 Connect | 10.1 |
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows 7 | All versions |
| Microsoft | Windows Server 2008 | All versions |
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows Xp | All versions |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21611040Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77924
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21611040Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77924
FAQ
What is CVE-2012-3324?
CVE-2012-3324 is a vulnerability with a CVSS score of 9.0 (HIGH). Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathna...
How severe is CVE-2012-3324?
CVE-2012-3324 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3324?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Db2, Ibm Db2 Connect, Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows 7.