The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and previous versions allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm websphere mq 7.0.2.0 |
||
ibm websphere mq 7.0.2.2 |
||
ibm websphere mq 7.0 |
||
ibm websphere mq 7.0.0.1 |
||
ibm websphere mq 7.0.1.0 |
||
ibm websphere mq 7.0.4.0 |
||
ibm websphere mq 7.0.4 |