CVE-2012-2196

high

Description

IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure.

References

http://www.securityfocus.com/bid/54487

http://www-01.ibm.com/support/docview.wss?uid=swg21600837

http://www-01.ibm.com/support/docview.wss?uid=swg1IC84751

http://www-01.ibm.com/support/docview.wss?uid=swg1IC84750

http://www-01.ibm.com/support/docview.wss?uid=swg1IC84748

http://www-01.ibm.com/support/docview.wss?uid=swg1IC84712

http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614

http://secunia.com/advisories/49919

Details

Source: Mitre, NVD

Published: 2012-07-25

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00619

Detections

Analytics