3.5

CVE-2012-2206

Exploit

EPSS 7.72%
Veröffentlicht 17.08.2012 10:31:52
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Websphere Mq Version7.0 Editionfile_transfer

Ibm ≫ Websphere Mq Version7.0.0.1 Editionfile_transfer

Ibm ≫ Websphere Mq Version7.0.1.0 Editionfile_transfer

Ibm ≫ Websphere Mq Version7.0.2.0 Editionfile_transfer

Ibm ≫ Websphere Mq Version7.0.2.2 Editionfile_transfer

Ibm ≫ Websphere Mq Version7.0.4 Editionfile_transfer

Ibm ≫ Websphere Mq Version7.0.4.0 Editionfile_transfer

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.72%	0.911

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:P/I:N/A:N

http://www-01.ibm.com/support/docview.wss?uid=swg1IC82761

http://www.exploit-db.com/exploits/20478/

Exploit

http://www.ibm.com/support/docview.wss?uid=swg21607481

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/77095

https://nvd.nist.gov/vuln/detail/CVE-2012-2206

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2206

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2206

EUVD