CVE-2012-2194

IBM DB2 9.1-10.1 - Path Traversal via SQLJ.DB2_INSTALL_JAR Stored Procedure

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.

References (8)

Core 8
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49919
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54487
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21600837
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716

Scores

EPSS 0.0314
EPSS Percentile 86.4%

Details

CWE
CWE-22
Status published
Products (34)
ibm/db2 9.1
ibm/db2 9.1.0.1
ibm/db2 9.1.0.2 (2 CPE variants)
ibm/db2 9.1.0.3 (2 CPE variants)
ibm/db2 9.1.0.4 (2 CPE variants)
ibm/db2 9.1.0.5
ibm/db2 9.1.0.6 (2 CPE variants)
ibm/db2 9.1.0.7 (2 CPE variants)
ibm/db2 9.1.0.8
ibm/db2 9.1.0.9
... and 24 more
Published Jul 25, 2012
Tracked Since Feb 18, 2026