3.5
CVE-2012-2206
- EPSS 7.72%
- Published 17.08.2012 10:31:52
- Last modified 11.04.2025 00:51:21
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ Websphere Mq Version7.0 Editionfile_transfer
Ibm ≫ Websphere Mq Version7.0.0.1 Editionfile_transfer
Ibm ≫ Websphere Mq Version7.0.1.0 Editionfile_transfer
Ibm ≫ Websphere Mq Version7.0.2.0 Editionfile_transfer
Ibm ≫ Websphere Mq Version7.0.2.2 Editionfile_transfer
Ibm ≫ Websphere Mq Version7.0.4 Editionfile_transfer
Ibm ≫ Websphere Mq Version7.0.4.0 Editionfile_transfer
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.72% | 0.911 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:P/I:N/A:N
|