cve-2012-2197
Vulnerability from cvelistv5
Published
2012-07-25 10:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "IC84753",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753"
},
{
"name": "IC84754",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754"
},
{
"name": "49919",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49919"
},
{
"name": "54487",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54487"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837"
},
{
"name": "IC84755",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755"
},
{
"name": "IC84555",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555"
},
{
"name": "IC84752",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-21T17:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "IC84753",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753"
},
{
"name": "IC84754",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754"
},
{
"name": "49919",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49919"
},
{
"name": "54487",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54487"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837"
},
{
"name": "IC84755",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755"
},
{
"name": "IC84555",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555"
},
{
"name": "IC84752",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IC84753",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753"
},
{
"name": "IC84754",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754"
},
{
"name": "49919",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49919"
},
{
"name": "54487",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54487"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600837"
},
{
"name": "IC84755",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755"
},
{
"name": "IC84555",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555"
},
{
"name": "IC84752",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-2197",
"datePublished": "2012-07-25T10:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:09.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2012-2197\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2012-07-25T10:42:34.837\",\"lastModified\":\"2024-11-21T01:38:41.367\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer basado en pila en la infraestructura de procedimiento almacenado de Java (\u0027Java Stored Procedure infrastructure\u0027) en IBM DB2 v9.1 antes de FP12, v9.5 a FP9, v9.7 a FP6, v9.8 a FP5, y v10.1 permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n aprovech\u00e1ndose de ciertos privilegios CONNECT y EXECUTE.\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:C/I:C/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B28091A-8772-41DC-9D91-D5359CDDA7A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04A3E057-5DD6-494F-9195-BB57BA107877\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B2D2913-079E-41D5-975D-DB62309ED9BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.2:a:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A7D0F90-0DEB-49BD-B753-BB832B0554CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAC88935-B62C-4510-8246-2E0E9D63DF57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.3:a:*:*:*:*:*:*\",\"matchCriteriaId\":\"A687DD0E-0212-4F2F-AF24-8DCB3AF60C3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2FAF674-6583-4BA1-BE1F-6CF14D129036\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.4:a:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC4C04EA-8A95-423E-9EDC-1F29B42C8065\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1D21588-6838-48A3-86E5-1ADFE71951E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB96916D-C245-4CEA-B435-FAF4454E3251\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.6:a:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6814580-113F-498D-AC07-425C970059DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51CE1063-6DAF-484D-A0B2-6F4D6F18B39B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.7:a:*:*:*:*:*:*\",\"matchCriteriaId\":\"15E1897A-FEC0-47CB-AC32-0787A8B236B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87956B68-68C7-4CEB-AA74-454F1DC26DBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"252B1BCD-D326-4425-A923-B05BB32D08BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E8D741D-4F55-4BE4-ADA6-ADDAC02E5A1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.1.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8336EA8D-BD3C-4B25-80C1-A85F64328039\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11ABF7CC-2FA5-4F2D-901A-2D0EF5B8E717\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95D26FF3-1D40-49D6-A5BB-284FE1B89288\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7A2E9C9-8EB4-4127-8278-E976D4D3B7C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.5.0.2:a:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC1ED577-3F11-415F-90C8-62B9EC21CA08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E054B24-704E-4C05-8E58-3FE0A04D84EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.5.0.3:a:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C72E084-0266-4389-B8BB-202292D47DB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.5.0.3:b:*:*:*:*:*:*\",\"matchCriteriaId\":\"008B98FD-1DE2-4323-B20E-7BD422EB6771\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.5.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E12C4D6E-7AF9-44F9-9389-F9CA7409C41F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.5.0.4:a:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A1C889C-885B-4DB3-A5F4-89A0B1DE0F47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.5.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C13BB7FD-718B-499E-87C7-637D2A2E3D5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.5.0.6:a:*:*:*:*:*:*\",\"matchCriteriaId\":\"267FE109-013A-482E-8078-161FA0991973\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.5.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2F30C1B-0799-49A2-BAA5-26A6030B7682\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.5.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C4E4D16-3C35-42BD-A131-AF0DFC2D20AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.5.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B7D92A9-BC9A-4F56-AEA6-CE06C7688070\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8A8E221-7045-4BAD-9B29-ABBC5216559D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56C39DC1-AD23-4F26-9727-EC0FBDF84BEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2513D42C-E558-4CC7-88D3-BB44F1B40157\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F441BE8-AEC0-44F0-875E-03C65A45CF68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036E9715-CFAA-4F2A-B432-181EDCA3D812\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A55FBA0-4DFC-493D-91EF-EB56C241F9CE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D72D43DB-9A92-4E12-853B-F5FC9421D5EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.8.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734E79E6-4A83-4CBF-B8B3-2D6D4491728E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.8.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3631F758-5C8F-4D24-81C1-D6146B0209CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:9.8.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CB6E617-98EA-4944-9211-FFEE9E50FE55\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2952EB24-A015-4EC7-85E3-88588D0AB15B\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/49919\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21600837\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.securityfocus.com/bid/54487\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://secunia.com/advisories/49919\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1IC84755\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21600837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/54487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.