What is the severity of CVE-2012-3324?

CVE-2012-3324 is considered a medium severity vulnerability due to its potential to allow unauthorized access to files.

How do I fix CVE-2012-3324?

To remediate CVE-2012-3324, upgrade to IBM DB2 version 10.1 FP1 or later where the vulnerability is addressed.

Who is affected by CVE-2012-3324?

CVE-2012-3324 affects remote authenticated users of IBM DB2 and DB2 Connect 10.1 on Windows before FP1.

What types of attacks can CVE-2012-3324 facilitate?

CVE-2012-3324 can facilitate directory traversal attacks, allowing modification, deletion, or reading of arbitrary files.

Is CVE-2012-3324 applicable to all versions of IBM DB2?

No, CVE-2012-3324 specifically applies to versions of IBM DB2 and DB2 Connect 10.1 prior to FP1 on Windows.

Vulnerability/
CVE-2012-3324

critical

CWE

25/9/2012

29/8/2017

CVE-2012-3324: Path Traversal

First published: Tue Sep 25 2012(Updated: )

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Db2
IBM DB2 Connect	=10.1
Microsoft Windows 2000
Microsoft Windows 2003 Server
Microsoft Windows 7
Microsoft Windows Server 2008 Itanium
Microsoft Windows Vista
Microsoft Windows XP

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-3324?
CVE-2012-3324 is considered a medium severity vulnerability due to its potential to allow unauthorized access to files.
How do I fix CVE-2012-3324?
To remediate CVE-2012-3324, upgrade to IBM DB2 version 10.1 FP1 or later where the vulnerability is addressed.
Who is affected by CVE-2012-3324?
CVE-2012-3324 affects remote authenticated users of IBM DB2 and DB2 Connect 10.1 on Windows before FP1.
What types of attacks can CVE-2012-3324 facilitate?
CVE-2012-3324 can facilitate directory traversal attacks, allowing modification, deletion, or reading of arbitrary files.
Is CVE-2012-3324 applicable to all versions of IBM DB2?
No, CVE-2012-3324 specifically applies to versions of IBM DB2 and DB2 Connect 10.1 prior to FP1 on Windows.

agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/weakness
agent/severity
agent/author
agent/references
agent/tags
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm db2
canonical/ibm db2 connect
version/ibm db2 connect/10.1
vendor/microsoft
canonical/microsoft windows 2000
canonical/microsoft windows 2003 server
canonical/microsoft windows 7
canonical/microsoft windows server 2008 itanium
canonical/microsoft windows vista
canonical/microsoft windows xp

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.