CVE-2012-2196

IBM DB2 9.1-10.1 - Unauthenticated Arbitrary XML File Read via GET_WRAP_CFG_C Stored Procedure

Title source: llm
STIX 2.1

Description

IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure.

References (8)

Core 8
Core References
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84712
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84751
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49919
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54487
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21600837
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84750
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84748

Scores

EPSS 0.0240
EPSS Percentile 82.1%

Details

CWE
CWE-200
Status published
Products (34)
ibm/db2 9.1
ibm/db2 9.1.0.1
ibm/db2 9.1.0.2 (2 CPE variants)
ibm/db2 9.1.0.3 (2 CPE variants)
ibm/db2 9.1.0.4 (2 CPE variants)
ibm/db2 9.1.0.5
ibm/db2 9.1.0.6 (2 CPE variants)
ibm/db2 9.1.0.7 (2 CPE variants)
ibm/db2 9.1.0.8
ibm/db2 9.1.0.9
... and 24 more
Published Jul 25, 2012
Tracked Since Feb 18, 2026