CVE-2012-3294

IBM WebSphere MQ File Transfer Edition < 7.0.4 and WebSphere MQ Managed File Transfer 7.5 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3294. PoCs published by Nir Valtman.

AI-analyzed exploit summary This exploit demonstrates CSRF vulnerabilities in WebSphere MQ File Transfer Edition, allowing unauthorized addition of users, modification of permissions, and MQMD user IDs via crafted HTML forms.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Nir Valtman · textwebappswindows
https://www.exploit-db.com/exploits/20477

This exploit demonstrates CSRF vulnerabilities in WebSphere MQ File Transfer Edition, allowing unauthorized addition of users, modification of permissions, and MQMD user IDs via crafted HTML forms.

Classification
Working Poc 100%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier
Auth required
Prerequisites: Victim must be logged into the target application · Attacker must trick victim into visiting a malicious page
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21607482
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77180
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027373
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/20477/

Scores

EPSS 0.0109
EPSS Percentile 61.2%

Details

CWE
CWE-352
Status published
Products (8)
ibm/websphere_mq 7.0
ibm/websphere_mq 7.0.0.1
ibm/websphere_mq 7.0.1.0
ibm/websphere_mq 7.0.2.0
ibm/websphere_mq 7.0.2.2
ibm/websphere_mq 7.0.4.0
ibm/websphere_mq < 7.0.4
ibm/websphere_mq_managed_file_transfer 7.5
Published Aug 17, 2012
Tracked Since Feb 18, 2026