QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2012-3294

Back to search

CVE-2012-3294

Published: Aug 17, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.

VendorProductVersions

n/a

n/a

affected
n/a

References

wmq-fte-csrf(77180)
vdb-entry
x_refsource_XF
IC85516
vendor-advisory
x_refsource_AIXAPAR
1027373
vdb-entry
x_refsource_SECTRACK
20477
exploit
x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now