Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and previous versions, and WebSphere MQ - Managed File Transfer 7.5, allow remote malicious users to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm websphere mq 7.0.4.0 |
||
ibm websphere mq 7.0.2.2 |
||
ibm websphere mq 7.0.2.0 |
||
ibm websphere mq |
||
ibm websphere mq managed file transfer 7.5 |
||
ibm websphere mq 7.0.1.0 |
||
ibm websphere mq 7.0.0.1 |
||
ibm websphere mq 7.0 |