virus logo Intrusion Prevention

IBM.WebSphere.MQ.File.Transfer.Edition.Web.Gateway.CSRF

description-logoDescription

This indicates an attack attempt against a Cross Site Request Forgery vulnerability in in the "Web Gateway" component of IBM WebSphere MQ File Transfer Edition and WebSphere Managed File Transfer.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. These vulnerabilities can be exploited using a CSRF (Cross Site Request Forgery) attack, allowing malicious user to add userspace, change permissions and add MQMD (MQ Message Descriptor) user IDs.

affected-products-logoAffected Products

WebSphere MQ File Transfer Edition Version 7.0.4 and earlier versions
WebSphere MQ - Managed File Transfer Version 7.5 and earlier versions

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www-01.ibm.com/support/docview.wss?uid=swg21607482

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://www-01.ibm.com/support/docview.wss?uid=swg21607482 http://www.exploit-db.com/exploits/20477/
ID 32877
Created Aug 30, 2012
Updated Mar 04, 2022
Risk black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2012-3294
Exploit Prediction Score 0.45%
Default Action drop
Active
Affected OS Windows, Linux
Affected App IBM