CVE-2012-3324
Published Sep 25, 2012
Last updated 7 years ago
Overview
- Description
- Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A610D9B-35CC-4D39-A2D7-C6E56DA82780"
},
{
"criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]