CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0CVE-2012-5952
https://notcve.org/view.php?id=CVE-2012-5952
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors. IBM WebSphere Message Broker v6.1 antes de v6.1.0.12, v7.0 antes de v7.0.0.6 y v8.0 antes de v8.0.0.2 no validan credenciales de autenticación básicas antes de proceder a operaciones de WS-Addressing y WS-Security, lo que permite a atacantes remotos provocar la transmisión de mensajes no autenticados a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC89803 http://www-01.ibm.com/support/docview.wss?uid=swg21623316 https://exchange.xforce.ibmcloud.com/vulnerabilities/80666 • CWE-287: Improper Authentication •
CVSS: 6.9EPSS: 0%CPEs: 18EXPL: 0CVE-2012-3317
https://notcve.org/view.php?id=CVE-2012-3317
IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300. IBM WebSphere Message Broker v6.1 anterior a v6.1.0.11, v7.0 anterior a v7.0.0.5, y v8.0 anterior a v8.0.0.2 tiene la propiedad incorrecta de cierto programa de desinstalación de Java Runtime Environment (JRE), lo que podría permitir a usuarios locales obtener privilegios mediante el aprovechamiento de acceso a uid 501 o gid 300. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477 http://www.ibm.com/support/docview.wss?uid=swg21611401 https://exchange.xforce.ibmcloud.com/vulnerabilities/77818 • CWE-264: Permissions, Privileges, and Access Controls •