Lucene search

[email protected]NVD:CVE-2012-2206

HistoryAug 17, 2012 - 10:31 a.m.

CVE-2012-2206

2012-08-1710:31:52

CWE-264

[email protected]

web.nvd.nist.gov

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.4%

JSON

The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.

Affected configurations

NVD

Node

ibmwebsphere_mqMatch7.0file_transfer

ibmwebsphere_mqMatch7.0.0.1file_transfer

ibmwebsphere_mqMatch7.0.1.0file_transfer

ibmwebsphere_mqMatch7.0.2.0file_transfer

ibmwebsphere_mqMatch7.0.2.2file_transfer

ibmwebsphere_mqMatch7.0.4file_transfer

ibmwebsphere_mqMatch7.0.4.0file_transfer

References

www-01.ibm.com/support/docview.wss?uid=swg1IC82761

www.exploit-db.com/exploits/20478/

www.ibm.com/support/docview.wss?uid=swg21607481

exchange.xforce.ibmcloud.com/vulnerabilities/77095

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.4%

JSON

Related for NVD:CVE-2012-2206

cvelist1 packetstorm1 prion1 cve1 ibm2