Vigil@nce - IBM WebSphere MQ File Transfer Edition: two vulnerabilities
August 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Two vulnerabilities of IBM WebSphere MQ File Transfer Edition Web
Gateway can be used by an attacker to access data or to perform
operations.
Severity: 2/4
Creation date: 10/08/2012
IMPACTED PRODUCTS
– IBM WebSphere MQ
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in IBM WebSphere MQ File
Transfer Edition Web Gateway.
An authenticated attacker on IBM WebSphere MQ File Transfer
Edition Web Gateway can access the file transfers of other users.
[severity:2/4; CVE-2012-2206, IC82761, swg21607481]
An attacker can trigger a Cross-Site Request Forgery on IBM
WebSphere MQ File Transfer Edition Web Gateway, in order to
execute actions with the privileges of the authenticated victim.
[severity:2/4; CVE-2012-3294, swg21607482]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-WebSphere-MQ-File-Transfer-Edition-two-vulnerabilities-11839