Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2012-3294
Deferred
More InfoOfficial Page
Source-psirt@us.ibm.com
View Known Exploited Vulnerability (KEV) details
Published At-17 Aug, 2012 | 10:31
Updated At-11 Apr, 2025 | 00:51

Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
IBM Corporation
ibm
>>websphere_mq>>Versions up to 7.0.4(inclusive)
cpe:2.3:a:ibm:websphere_mq:*:*:file_transfer:*:*:*:*:*
IBM Corporation
ibm
>>websphere_mq>>7.0
cpe:2.3:a:ibm:websphere_mq:7.0:*:file_transfer:*:*:*:*:*
IBM Corporation
ibm
>>websphere_mq>>7.0.0.1
cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:file_transfer:*:*:*:*:*
IBM Corporation
ibm
>>websphere_mq>>7.0.1.0
cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:file_transfer:*:*:*:*:*
IBM Corporation
ibm
>>websphere_mq>>7.0.2.0
cpe:2.3:a:ibm:websphere_mq:7.0.2.0:*:file_transfer:*:*:*:*:*
IBM Corporation
ibm
>>websphere_mq>>7.0.2.2
cpe:2.3:a:ibm:websphere_mq:7.0.2.2:*:file_transfer:*:*:*:*:*
IBM Corporation
ibm
>>websphere_mq>>7.0.4.0
cpe:2.3:a:ibm:websphere_mq:7.0.4.0:*:file_transfer:*:*:*:*:*
IBM Corporation
ibm
>>websphere_mq_managed_file_transfer>>7.5
cpe:2.3:a:ibm:websphere_mq_managed_file_transfer:7.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516psirt@us.ibm.com
N/A
http://www.exploit-db.com/exploits/20477/psirt@us.ibm.com
Exploit
http://www.ibm.com/support/docview.wss?uid=swg21607482psirt@us.ibm.com
Vendor Advisory
http://www.securitytracker.com/id?1027373psirt@us.ibm.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/77180psirt@us.ibm.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.exploit-db.com/exploits/20477/af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.ibm.com/support/docview.wss?uid=swg21607482af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securitytracker.com/id?1027373af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/77180af854a3a-2127-422b-91ae-364da2661108
N/A
Change History
0Changes found
Details not found