Vulnerability Description
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Mq | 7.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC82761
- http://www.exploit-db.com/exploits/20478/Exploit
- http://www.ibm.com/support/docview.wss?uid=swg21607481Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77095
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC82761
- http://www.exploit-db.com/exploits/20478/Exploit
- http://www.ibm.com/support/docview.wss?uid=swg21607481Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77095
FAQ
What is CVE-2012-2206?
CVE-2012-2206 is a vulnerability with a CVSS score of 3.5 (LOW). The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as d...
How severe is CVE-2012-2206?
CVE-2012-2206 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2206?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Mq.