Published: 17/08/2012 Updated: 29/08/2017

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 355

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and previous versions allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm websphere mq 7.0.2.0
ibm websphere mq 7.0.2.2
ibm websphere mq 7.0
ibm websphere mq 7.0.0.1
ibm websphere mq 7.0.1.0
ibm websphere mq 7.0.4.0
ibm websphere mq 7.0.4

*Exploit Author:* Nir Valtman *Affected Platforms: *Version 704 and all previous versions of WebSphereMQ File Transfer Edition<publibboulderibmcom/infocenter/wmqfte/v7r0/indexjsp>running on all platforms are affected Apparently they published the CVE above without mentioning my name, since I found it in the same time while IBM ...

CWE-264 http://www-01.ibm.com/support/docview.wss?uid=swg1IC82761 http://www.exploit-db.com/exploits/20478/http://www.ibm.com/support/docview.wss?uid=swg21607481 https://exchange.xforce.ibmcloud.com/vulnerabilities/77095 https://nvd.nist.gov https://www.exploit-db.com/exploits/20478/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-2206

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect