Synced 17 Jun 2026 12:26 UTC Account
← All products

CVE-2012-3324

HIGH severity · CVSS 9 · Path traversal
9CVSS HIGH

Summary

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges required
User interaction
Confidentiality impact
Integrity impact
Availability impact
Exploit probability (EPSS)4%

AV:N/AC:L/Au:S/C:C/I:C/A:C

Affected products we track (1)

IBM Db2

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information