CVE-2012-3294
IBM WebSphere MQ File Transfer Edition < 7.0.4 and WebSphere MQ Managed File Transfer 7.5 - Cross-Site Request Forgery
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-3294. PoCs published by Nir Valtman.
AI-analyzed exploit summary This exploit demonstrates CSRF vulnerabilities in WebSphere MQ File Transfer Edition, allowing unauthorized addition of users, modification of permissions, and MQMD user IDs via crafted HTML forms.
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.
Exploits (1)
This exploit demonstrates CSRF vulnerabilities in WebSphere MQ File Transfer Edition, allowing unauthorized addition of users, modification of permissions, and MQMD user IDs via crafted HTML forms.