Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.9
CVE Id: CVE-2012-3317
Last Modified: 05 Dec 2012 12:00:00
Published: 05 Dec 2012 06:57:14
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-3317

Summary

IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.

Vulnerable Systems

Application

  • IBM WebSphere Message Broker 6.1
  • IBM WebSphere Message Broker 6.1.0.1
  • IBM WebSphere Message Broker 6.1.0.10
  • IBM WebSphere Message Broker 6.1.0.2
  • IBM WebSphere Message Broker 6.1.0.3
  • IBM WebSphere Message Broker 6.1.0.4
  • IBM WebSphere Message Broker 6.1.0.5
  • IBM WebSphere Message Broker 6.1.0.6
  • IBM WebSphere Message Broker 6.1.0.7
  • IBM WebSphere Message Broker 6.1.0.8
  • IBM WebSphere Message Broker 6.1.0.9
  • IBM WebSphere Message Broker 7.0
  • IBM WebSphere Message Broker 7.0.0.1
  • IBM WebSphere Message Broker 7.0.0.2
  • IBM WebSphere Message Broker 7.0.0.3
  • IBM WebSphere Message Broker 7.0.0.4
  • IBM WebSphere Message Broker 8.0
  • IBM WebSphere Message Broker 8.0.0.1


References

XF - wmb-uninstallerjvm-privilege-escalation(77818)

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21611401

AIXAPAR - IC85477


Last Updated: 27 May 2016 11:01:26