CVE-2007-4271

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
18/08/2007
Last modified:
09/04/2025

Description

Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink following.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ibm:db2_universal_database:*:fp14:*:*:*:*:*:* 8.0 (including)
cpe:2.3:a:ibm:db2_universal_database:*:*:fp2:*:*:*:*:* 9.1 (including)