CVE-2012-2206
IBM WebSphere MQ File Transfer Edition <= 7.0.4 - Authenticated Arbitrary File Read via Web Gateway URI
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-2206. PoCs published by Nir Valtman.
AI-analyzed exploit summary The exploit describes a privilege escalation vulnerability in WebSphereMQ File Transfer Edition, allowing a malicious user to access other users' files and filespaces via crafted GET requests. It details two attack methods: metadata manipulation and direct file access via known URLs.
Description
The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI.
Exploits (1)
The exploit describes a privilege escalation vulnerability in WebSphereMQ File Transfer Edition, allowing a malicious user to access other users' files and filespaces via crafted GET requests. It details two attack methods: metadata manipulation and direct file access via known URLs.