CVE-2012-2206

Name of the Vulnerable Software and Affected Versions IBM WebSphere MQ File Transfer Edition versions 7.0.4 and earlier

Description The issue allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI. This can be demonstrated by modifying the metadata=fteSamplesUser field to the "/transfer" API endpoint.

Recommendations For IBM WebSphere MQ File Transfer Edition versions 7.0.4 and earlier, consider restricting access to the "/transfer" API endpoint until a fix is available. As a temporary workaround, avoid using the metadata field with user-specific data in the "/transfer" URI to minimize the risk of exploitation.