CVE-2012-2196 - Frangible Sleezeball

Description

IBM DB2 9.1 before FP12 9.5 through FP9 9.7 through FP6 9.8 through FP5 and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84712 http://www-01.ibm.com/support/docview.wss?uid=swg21600837 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84751 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84748 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84750 http://www.securityfocus.com/bid/54487 http://secunia.com/advisories/49919