CVE-2012-3317

EUVD-2012-3295
IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_message_broker
6.1
ibmwebsphere_message_broker
6.1.0.1
ibmwebsphere_message_broker
6.1.0.2
ibmwebsphere_message_broker
6.1.0.3
ibmwebsphere_message_broker
6.1.0.4
ibmwebsphere_message_broker
6.1.0.5
ibmwebsphere_message_broker
6.1.0.6
ibmwebsphere_message_broker
6.1.0.7
ibmwebsphere_message_broker
6.1.0.8
ibmwebsphere_message_broker
6.1.0.9
ibmwebsphere_message_broker
6.1.0.10
ibmwebsphere_message_broker
7.0.
ibmwebsphere_message_broker
7.0.0.1
ibmwebsphere_message_broker
7.0.0.2
ibmwebsphere_message_broker
7.0.0.3
ibmwebsphere_message_broker
7.0.0.4
ibmwebsphere_message_broker
8.0
ibmwebsphere_message_broker
8.0.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477
http://www.ibm.com/support/docview.wss?uid=swg21611401
https://exchange.xforce.ibmcloud.com/vulnerabilities/77818
http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477
http://www.ibm.com/support/docview.wss?uid=swg21611401
https://exchange.xforce.ibmcloud.com/vulnerabilities/77818