PT-2012-3873 · Ibm · Ibm Db2
Published
2012-07-25
·
Updated
2017-12-22
·
CVE-2012-2196
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM DB2 versions 9.1 before FP12
IBM DB2 versions 9.5 through FP9
IBM DB2 versions 9.7 through FP6
IBM DB2 versions 9.8 through FP5
IBM DB2 versions 10.1
Description
The issue allows remote attackers to read arbitrary XML files. This is achieved via the (1) GET WRAP CFG C or (2) GET WRAP CFG C2 stored procedure.
Recommendations
For IBM DB2 version 9.1, update to FP12 or later.
For IBM DB2 version 9.5, update to FP9 or later.
For IBM DB2 version 9.7, update to FP6 or later.
For IBM DB2 version 9.8, update to FP5 or later.
For IBM DB2 version 10.1, there is no information about a newer version that contains a fix for this issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Db2