Описание
Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink following.
Ссылки
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 8.0 (включая)Версия до 9.1 (включая)
Одно из
cpe:2.3:a:ibm:db2_universal_database:*:fp14:*:*:*:*:*:*
cpe:2.3:a:ibm:db2_universal_database:*:*:fp2:*:*:*:*:*
EPSS
Процентиль: 16%
0.00052
Низкий
2.1 Low
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink following.
EPSS
Процентиль: 16%
0.00052
Низкий
2.1 Low
CVSS2
Дефекты
CWE-22