Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2206: IBM Websphere MQ vulnerability

CWE-264 | 5 documents | 4 sources
Severity: 3.5 LOW (NVD)
EPSS: 7.7% (top 8.05%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Aug 17
Latest update: May 17

Description

The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 6.8 | Impact: 2.9

Affected Packages (1 package)

NVD: ibm/websphere_mq, 7 versions +6

🔴 Vulnerability Details (2)

GHSA: GHSA-j848-h89c-pqhf: The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7 (2022-05-17)
CVEList: CVE-2012-2206: The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7 (2012-08-17)

💥 Exploits & PoCs (2)

Exploit-DB: Ulterius Server < 1.9.5.0 - Directory Traversal (2017-11-13)
Exploit-DB: IBM Websphere MQ File Transfer Edition Web Gateway - Insufficient Access Control (2012-08-13)