CVE-2012-3324

Published Sep 25, 2012

Last updated 3 months ago

CVSS info 9.0

Overview

Description: Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A610D9B-35CC-4D39-A2D7-C6E56DA82780"
          },
          {
            "criteria": "cpe:2.3:a:ibm:db2_connect:10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B343CCB4-CE4B-44D2-A04E-69031CD649EA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References