Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2206

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2012-2206
Last Modified 17 Aug 2012 12:00:00
Published 17 Aug 2012 06:31:52
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-2206

Summary

The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.

Vulnerable Systems

Application

  • Ibm Websphere Mq 7.0

  • Ibm Websphere Mq 7.0.0.1

  • Ibm Websphere Mq 7.0.1.0

  • Ibm Websphere Mq 7.0.2.0

  • Ibm Websphere Mq 7.0.2.2

  • Ibm Websphere Mq 7.0.4

  • Ibm Websphere Mq 7.0.4.0


References

XF - wmq-ftewg-security-bypass(77095)

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21607481

EXPLOIT-DB - 20478

AIXAPAR - IC82761


Last Updated: 27 May 2016 10:47:12