CVE-2012-3317

IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477
http://www.ibm.com/support/docview.wss?uid=swg21611401	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/77818

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:websphere_message_broker:6.1:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.1:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.2:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.3:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.4:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.5:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.6:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.7:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.8:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.9:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:6.1.0.10:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ibm:websphere_message_broker:7.0.:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.2:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.3:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:7.0.0.4:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:ibm:websphere_message_broker:8.0:::::::*
	cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:::::::*

History

No history.

Information

Published : 2012-12-05 11:57

Updated : 2017-08-29 01:31

NVD link : CVE-2012-3317

Mitre link : CVE-2012-3317

CVE.ORG link : CVE-2012-3317

JSON object : View

Products Affected

ibm

websphere_message_broker

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2012-3317", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-12-05T11:57:14.757", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477", "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/support/docview.wss?uid=swg21611401", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77818", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300."}, {"lang": "es", "value": "IBM WebSphere Message Broker v6.1 anterior a v6.1.0.11, v7.0 anterior a v7.0.0.5, y v8.0 anterior a v8.0.0.2 tiene la propiedad incorrecta de cierto programa de desinstalaci\u00f3n de Java Runtime Environment (JRE), lo que podr\u00eda permitir a usuarios locales obtener privilegios mediante el aprovechamiento de acceso a uid 501 o gid 300."}], "lastModified": "2017-08-29T01:31:53.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69C3EE89-7F3F-4578-9EC8-7E03621D0273"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D74569CA-0038-4E8F-82DA-2B1938E3F67D"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59D58AC0-EA2F-4DC4-82C9-C534497EFBD4"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95F2360D-24D4-42C2-A0DA-0EC60827E1F1"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE8A9C81-A697-4FD3-8B1D-3C7CFE8D7316"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B1FE3CA-0AE3-44D0-A09D-38731BE07E78"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66F5CA02-9FAA-4E4F-85AD-159C6634979F"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10C438DC-71DA-4A64-AE9E-B55B0FAFE7D9"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D7EE1CD-4ED8-45B4-892D-E4A7A96EF131"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "533721B3-7F21-4552-BDD1-A871CE5321DE"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9A05E66-96E8-49C9-B0AA-192090DF3618"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "240F8B7E-D5F2-4450-97D2-45A4E427170D"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F76DCB43-6AFF-4C58-B646-423A6CECCA14"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BC76D23-2211-40D8-8115-382BD7BA6ABD"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD879AA3-9887-4C8F-BEDB-50A39D193C4C"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA01CDC5-5725-460F-9DAD-B7F8094FAA69"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F93BF57-FD4F-456C-8DFD-CEF8B5AEF35D"}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B859DAA9-1B0E-47CE-813D-108776C3B239"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}