IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-08-29
Updated
2017-08-29
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.
Max CVSS
6.8
EPSS Score
0.45%
Published
2012-08-17
Updated
2017-08-29
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.
Max CVSS
3.5
EPSS Score
0.32%
Published
2012-08-17
Updated
2017-08-29
The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel.
Max CVSS
5.0
EPSS Score
0.62%
Published
2012-09-25
Updated
2017-08-29
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!