CVE-2012-3317

IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.

Published: Dec 5, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-3317
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
ibm / websphere_message_broker	6.1.0.9	6.1.0.9.x
ibm / websphere_message_broker	6.1	6.1.x
ibm / websphere_message_broker	6.1.0.6	6.1.0.6.x
ibm / websphere_message_broker	6.1.0.5	6.1.0.5.x
ibm / websphere_message_broker	6.1.0.10	6.1.0.10.x
ibm / websphere_message_broker	6.1.0.2	6.1.0.2.x
ibm / websphere_message_broker	6.1.0.3	6.1.0.3.x
ibm / websphere_message_broker	6.1.0.8	6.1.0.8.x
ibm / websphere_message_broker	6.1.0.1	6.1.0.1.x
ibm / websphere_message_broker	6.1.0.7	6.1.0.7.x
ibm / websphere_message_broker	6.1.0.4	6.1.0.4.x
ibm / websphere_message_broker	7.0.0.4	7.0.0.4.x
ibm / websphere_message_broker	7.0.0.3	7.0.0.3.x
ibm / websphere_message_broker	7.0.0.1	7.0.0.1.x
ibm / websphere_message_broker	7.0.0.2	7.0.0.2.x
ibm / websphere_message_broker	7.0.	7.0..x
ibm / websphere_message_broker	8.0	8.0.x
ibm / websphere_message_broker	8.0.0.1	8.0.0.1.x

Vulnerability Database

CVE-2012-3317