CVE-2012-3294
Published Aug 17, 2012
Last updated 7 years ago
Overview
- Description
- Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.
- Source
- psirt@us.ibm.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:*:*:file_transfer:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34334B53-0D91-4539-A8C5-F40007E11245",
"versionEndIncluding": "7.0.4"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0:*:file_transfer:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCC205E7-DEEF-4217-A0F8-060EA98B6D17"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:file_transfer:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7FADD25C-32BB-4E6B-B07F-F0E2D45602EC"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:file_transfer:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98A1AA9D-F576-43C9-91AD-BC8CEB427A07"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.2.0:*:file_transfer:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97B0EF19-9684-4AE7-857E-779380B9A825"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.2.2:*:file_transfer:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38985204-536F-4BD6-A718-B28983FF668A"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.4.0:*:file_transfer:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "740568A4-24F3-4F58-AC99-442184C9F0C4"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq_managed_file_transfer:7.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C58B700B-B66E-4B7E-9557-2FB0107F44EE"
}
],
"operator": "OR"
}
]
}
]