Path Traversal in Ibm Db2

CVE-2012-3324

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.002 (46.7th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-22 — Path Traversal

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
db2-utlfile-dir-traversal(77924) (vdb-entry, x_refsource_XF)
IC85513 (vendor-advisory, x_refsource_AIXAPAR, Vendor Advisory)