Vulnerability Details : CVE-2012-2194
Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.
Vulnerability category: Directory traversal
Products affected by CVE-2012-2194
- cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.2:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.7:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.3:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.6:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.4:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.2:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.6:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.3:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.4:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.3:b:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
Threat overview for CVE-2012-2194
Top open port discovered on systems with this issue: 523
IPs affected by CVE-2012-2194: 41
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2012-2194
EPSS score: 0.90% (probability of exploitation activity in the next 30 days)
Percentile: ~82% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-2194
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2012-2194
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2194
- http://www.securityfocus.com/bid/54487
  IBM DB2 Multiple File Disclosure Security Bypass and Stack Buffer Overflow Vulnerabilities
- http://www-01.ibm.com/support/docview.wss?uid=swg21600837
  IBM Security Vulnerabilities, HIPER and Special Attention APARs fixed in DB2 for Linux, UNIX, and Windows Version 9.1 Fix Pack 12
- http://secunia.com/advisories/49919
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711
  IBM IC84711: SECURITY: SQLJ.DB2_INSTALL_JAR DIRECTORY ESCAPE VULNERABILITY (CVE-2012-2194).
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84716
  IBM IC84716: SECURITY: SQLJ.DB2_INSTALL_JAR DIRECTORY ESCAPE VULNERABILITY (CVE-2012-2194).
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714
  IBM IC84714: SECURITY: SQLJ.DB2_INSTALL_JAR DIRECTORY ESCAPE VULNERABILITY (CVE-2012-2194).
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019
  IBM IC84019: SECURITY: SQLJ.DB2_INSTALL_JAR DIRECTORY ESCAPE VULNERABILITY (CVE-2012-2194). (Vendor Advisory)