CVE-2012-3317

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Message Broker
Vendor: CVE Published:; 5 December 2012

Summary

IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/77818

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477

vendor-advisoryx_refsource_AIXAPAR

http://www.ibm.com/support/docview.wss?uid=swg21611401

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 5, 2012
Vulnerability Reserved
Jun 7, 2012