Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-3294Cross-Site Request Forgery in IBM Websphere MQ

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.3%
top 44.85%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
IBM Websphere MQIBM Websphere MQ Managed File Transfer
Timeline
PublishedAug 17
Latest updateMay 17

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/Uploa

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

NVDibm/websphere_mq7.0.4+6

🔴Vulnerability Details

2
GHSA
GHSA-wccq-42q9-qggj: Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 72022-05-17
CVEList
CVE-2012-3294: Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 72012-08-17

💥Exploits & PoCs

1
Exploit-DB
IBM Websphere MQ File Transfer Edition Web Gateway - Cross-Site Request Forgery2012-08-13
CVE-2012-3294 — Cross-Site Request Forgery in IBM | cvebase