Vulnerability Details : CVE-2012-2197
Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2012-2197
Probability of exploitation activity in the next 30 days: 6.34%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-2197
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.1
|
HIGH | AV:N/AC:H/Au:S/C:C/I:C/A:C |
3.9
|
10.0
|
[email protected] |
CWE ids for CVE-2012-2197
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: [email protected] (Primary)
References for CVE-2012-2197
- http://www.securityfocus.com/bid/54487
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754
- http://www-01.ibm.com/support/docview.wss?uid=swg21600837
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755
- http://secunia.com/advisories/49919
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555
Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753
-
http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752
Products affected by CVE-2012-2197
- cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.2:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.7:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.3:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.6:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.4:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.2:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.6:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.3:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.4:a:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.3:b:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*