CVE-2012-3317

IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
ibmwebsphere_message_broker
6.1
ibmwebsphere_message_broker
6.1.0.1
ibmwebsphere_message_broker
6.1.0.2
ibmwebsphere_message_broker
6.1.0.3
ibmwebsphere_message_broker
6.1.0.4
ibmwebsphere_message_broker
6.1.0.5
ibmwebsphere_message_broker
6.1.0.6
ibmwebsphere_message_broker
6.1.0.7
ibmwebsphere_message_broker
6.1.0.8
ibmwebsphere_message_broker
6.1.0.9
ibmwebsphere_message_broker
6.1.0.10
ibmwebsphere_message_broker
7.0.
ibmwebsphere_message_broker
7.0.0.1
ibmwebsphere_message_broker
7.0.0.2
ibmwebsphere_message_broker
7.0.0.3
ibmwebsphere_message_broker
7.0.0.4
ibmwebsphere_message_broker
8.0
ibmwebsphere_message_broker
8.0.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477
http://www.ibm.com/support/docview.wss?uid=swg21611401
https://exchange.xforce.ibmcloud.com/vulnerabilities/77818
http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477
http://www.ibm.com/support/docview.wss?uid=swg21611401
https://exchange.xforce.ibmcloud.com/vulnerabilities/77818