CVE-2012-2206
Published Aug 17, 2012
Last updated 7 years ago
Overview
- Description
- The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0:*:file_transfer:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCC205E7-DEEF-4217-A0F8-060EA98B6D17"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:file_transfer:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7FADD25C-32BB-4E6B-B07F-F0E2D45602EC"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:file_transfer:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98A1AA9D-F576-43C9-91AD-BC8CEB427A07"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.2.0:*:file_transfer:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97B0EF19-9684-4AE7-857E-779380B9A825"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.2.2:*:file_transfer:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38985204-536F-4BD6-A718-B28983FF668A"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.4:*:file_transfer:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01A2D4A5-325E-4D67-A8E5-594F16B909F7"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.4.0:*:file_transfer:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "740568A4-24F3-4F58-AC99-442184C9F0C4"
}
],
"operator": "OR"
}
]
}
]