CVE-2012-2194
IBM DB2 9.1-10.1 - Path Traversal via SQLJ.DB2_INSTALL_JAR Stored Procedure
Title source: llmDescription
Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.
References (8)
Core 8
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49919
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/54487
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21600837
Vendor Advisory vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716
Scores
EPSS
0.0314
EPSS Percentile
86.4%
Details
CWE
CWE-22
Status
published
Products (34)
ibm/db2
9.1
ibm/db2
9.1.0.1
ibm/db2
9.1.0.2 (2 CPE variants)
ibm/db2
9.1.0.3 (2 CPE variants)
ibm/db2
9.1.0.4 (2 CPE variants)
ibm/db2
9.1.0.5
ibm/db2
9.1.0.6 (2 CPE variants)
ibm/db2
9.1.0.7 (2 CPE variants)
ibm/db2
9.1.0.8
ibm/db2
9.1.0.9
... and 24 more
Published
Jul 25, 2012
Tracked Since
Feb 18, 2026