CVE-2012-2194

Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.

Published: Jul 25, 2012
Updated: Nov 9, 2025
CVE: CVE-2012-2194
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
ibm / db2	9.1.0.2-a	9.1.0.2-a.x
ibm / db2	9.1	9.1.x
ibm / db2	9.1.0.4	9.1.0.4.x
ibm / db2	9.1.0.2	9.1.0.2.x
ibm / db2	9.1.0.3-a	9.1.0.3-a.x
ibm / db2	9.1.0.7	9.1.0.7.x
ibm / db2	9.1.0.7-a	9.1.0.7-a.x
ibm / db2	9.1.0.5	9.1.0.5.x
ibm / db2	9.1.0.8	9.1.0.8.x
ibm / db2	9.1.0.10	9.1.0.10.x
ibm / db2	9.1.0.3	9.1.0.3.x
ibm / db2	9.1.0.1	9.1.0.1.x
ibm / db2	9.1.0.11	9.1.0.11.x
ibm / db2	9.1.0.6	9.1.0.6.x
ibm / db2	9.1.0.6-a	9.1.0.6-a.x
ibm / db2	9.1.0.9	9.1.0.9.x
ibm / db2	9.1.0.4-a	9.1.0.4-a.x
ibm / db2	9.5	9.5.x
ibm / db2	9.5.0.1	9.5.0.1.x
ibm / db2	9.5.0.7	9.5.0.7.x
ibm / db2	9.5.0.9	9.5.0.9.x
ibm / db2	9.5.0.3-b	9.5.0.3-b.x
ibm / db2	9.5.0.4	9.5.0.4.x
ibm / db2	9.5.0.4-a	9.5.0.4-a.x
ibm / db2	9.5.0.6-a	9.5.0.6-a.x
ibm / db2	9.5.0.3-a	9.5.0.3-a.x
ibm / db2	9.5.0.5	9.5.0.5.x
ibm / db2	9.5.0.2-a	9.5.0.2-a.x
ibm / db2	9.5.0.8	9.5.0.8.x
ibm / db2	9.5.0.2	9.5.0.2.x
ibm / db2	9.5.0.3	9.5.0.3.x
ibm / db2	9.7.0.6	9.7.0.6.x
ibm / db2	9.7.0.3	9.7.0.3.x
ibm / db2	9.7.0.4	9.7.0.4.x
ibm / db2	9.7.0.1	9.7.0.1.x
ibm / db2	9.7.0.2	9.7.0.2.x
ibm / db2	9.7.0.5	9.7.0.5.x
ibm / db2	9.7	9.7.x
ibm / db2	9.8.0.4	9.8.0.4.x
ibm / db2	9.8.0.3	9.8.0.3.x
ibm / db2	9.8.0.5	9.8.0.5.x
ibm / db2	9.8	9.8.x
ibm / db2	10.1	10.1.x

Vulnerability Database

315,294

CVE-2012-2194

Deep Security Visibility Without the Complexity