Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-3317

IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.

Published

2012-12-05T11:57:14.757

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.4

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application ibm websphere_message_broker 6.1 Yes
Application ibm websphere_message_broker 6.1.0.1 Yes
Application ibm websphere_message_broker 6.1.0.2 Yes
Application ibm websphere_message_broker 6.1.0.3 Yes
Application ibm websphere_message_broker 6.1.0.4 Yes
Application ibm websphere_message_broker 6.1.0.5 Yes
Application ibm websphere_message_broker 6.1.0.6 Yes
Application ibm websphere_message_broker 6.1.0.7 Yes
Application ibm websphere_message_broker 6.1.0.8 Yes
Application ibm websphere_message_broker 6.1.0.9 Yes
Application ibm websphere_message_broker 6.1.0.10 Yes
Application ibm websphere_message_broker 7.0. Yes
Application ibm websphere_message_broker 7.0.0.1 Yes
Application ibm websphere_message_broker 7.0.0.2 Yes
Application ibm websphere_message_broker 7.0.0.3 Yes
Application ibm websphere_message_broker 7.0.0.4 Yes
Application ibm websphere_message_broker 8.0 Yes
Application ibm websphere_message_broker 8.0.0.1 Yes
References