CVE-2012-2206

IBM WebSphere MQ File Transfer Edition <= 7.0.4 - Authenticated Arbitrary File Read via Web Gateway URI

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2206. PoCs published by Nir Valtman.

AI-analyzed exploit summary The exploit describes a privilege escalation vulnerability in WebSphereMQ File Transfer Edition, allowing a malicious user to access other users' files and filespaces via crafted GET requests. It details two attack methods: metadata manipulation and direct file access via known URLs.

Description

The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.

Exploits (1)

exploitdb WRITEUP
by Nir Valtman · textwebappswindows
https://www.exploit-db.com/exploits/20478

The exploit describes a privilege escalation vulnerability in WebSphereMQ File Transfer Edition, allowing a malicious user to access other users' files and filespaces via crafted GET requests. It details two attack methods: metadata manipulation and direct file access via known URLs.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: IBM WebSphereMQ File Transfer Edition <= 7.0.4
Auth required
Prerequisites: Valid user credentials · Knowledge of target file names and IDs
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC82761
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/20478/
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21607481
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77095

Scores

EPSS 0.0201
EPSS Percentile 78.5%

Details

CWE
CWE-264
Status published
Products (7)
ibm/websphere_mq 7.0
ibm/websphere_mq 7.0.0.1
ibm/websphere_mq 7.0.1.0
ibm/websphere_mq 7.0.2.0
ibm/websphere_mq 7.0.2.2
ibm/websphere_mq 7.0.4
ibm/websphere_mq 7.0.4.0
Published Aug 17, 2012
Tracked Since Feb 18, 2026