3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
A vulnerability in Apache Commons FileUpload component potentially affects IBM WebSphere MQ Managed File Transfer.
CVEID: CVE-2013-0248**
DESCRIPTION:** Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82618 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P)
IBM WebSphere MQ 8.0
Fixpack 8.0.0.3 and previous maintenance levels
IBM WebSphere MQ 7.5
Fixpack 7.5.0.5 and previous maintenance levels
IBM WebSphere MQ 8.0
Apply fixpack 8.0.0.4 or later maintenance
IBM WebSphere MQ 7.5
Apply fixpack 7.5.0.6 or later maintenance
CPE | Name | Operator | Version |
---|---|---|---|
websphere mq | eq | 8.0 | |
websphere mq | eq | 7.5 |