CVE-2012-5952

CWE-287Improper Authentication3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.2%
top 55.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Message Broker
Timeline
PublishedFeb 20
Latest updateMay 17

Description

IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/websphere_message_broker20 versions+19

🔴Vulnerability Details

2
GHSA
GHSA-fh54-rxv3-35p2: IBM WebSphere Message Broker 62022-05-17
CVEList
CVE-2012-5952: IBM WebSphere Message Broker 62013-02-20
CVE-2012-5952 (MEDIUM CVSS 5) | IBM WebSphere Message Broker 6.1 be | cvebase.io