CVE-2012-2206 in WebSphere MQinfo

Summary

The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

04/04/2012

Disclosure

08/17/2012

Moderation

VulDB entry created

Entries

1: VDB-5973

CPE

ready

CWE

CWE-264 (Confirmed)

Exploit

Download

CVSS

4.3

EPSS

0.07716

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-2206
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-2206
CVE Details	https://www.cvedetails.com/cve/CVE-2012-2206/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!