Vulnerability Description
IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Message Broker | 6.1 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477
- http://www.ibm.com/support/docview.wss?uid=swg21611401Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77818
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477
- http://www.ibm.com/support/docview.wss?uid=swg21611401Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77818
FAQ
What is CVE-2012-3317?
CVE-2012-3317 is a vulnerability with a CVSS score of 6.9 (MEDIUM). IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow loca...
How severe is CVE-2012-3317?
CVE-2012-3317 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3317?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Message Broker.