CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2017-1795
https://notcve.org/view.php?id=CVE-2017-1795
IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042. IBM WebSphere MQ 7.5, 8.0 y 9.0 hasta la versión 9.0.4 podría permitir que un usuario local obtenga información sensible mediante registros de rastreo en IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042. • http://www.ibm.com/support/docview.wss?uid=swg22012389 https://exchange.xforce.ibmcloud.com/vulnerabilities/137042 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 2CVE-2012-3294 – IBM Websphere MQ File Transfer Edition Web Gateway - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2012-3294
Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI. Múltiples vulnerabilidades de falsificación de peticiones en sitios cruzados (CSRF) en el componente de puerta de enlace de web (Web Gateway) de IBM WebSphere MQ File Transfer Edition v7.0.4 y versiones anteriores, y WebSphere MQ - Managed File Transfer v7.5, permiten a atacantes remotos secuestrar la autenticación de usuarios de su elección para las solicitudes que (1) agreguen cuentas de usuario a través de la URI wmqfteconsole/Filespaces, (2) modifiquen los permisos a través de la URI wmqfteconsole/FileSpacePermisssions, o (3) agreguen cuentas de usuario de MQ Message Descriptor (MQMD) a través de la URI wmqfteconsole/UploadUsers. IBM WebSphere MQ File Transfer Edition Web Gateway suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/20477 http://www-01.ibm.com/support/docview.wss?uid=swg1IC85516 http://www.exploit-db.com/exploits/20477 http://www.ibm.com/support/docview.wss?uid=swg21607482 http://www.securitytracker.com/id?1027373 https://exchange.xforce.ibmcloud.com/vulnerabilities/77180 • CWE-352: Cross-Site Request Forgery (CSRF) •