CVE-2012-3294

Name of the Vulnerable Software and Affected Versions IBM WebSphere MQ File Transfer Edition versions 7.0.4 and earlier IBM WebSphere MQ - Managed File Transfer version 7.5

Description The issue allows remote attackers to hijack the authentication of arbitrary users for requests. This can be done through several API endpoints, including "/wmqfteconsole/Filespaces" to add user accounts, "/wmqfteconsole/FileSpacePermisssions" to modify permissions, and "/wmqfteconsole/UploadUsers" to add MQ Message Descriptor (MQMD) user accounts.

Recommendations For IBM WebSphere MQ File Transfer Edition versions 7.0.4 and earlier, update to a version later than 7.0.4 to resolve the issue. For IBM WebSphere MQ - Managed File Transfer version 7.5, consider disabling access to the vulnerable API endpoints, such as /wmqfteconsole/Filespaces, /wmqfteconsole/FileSpacePermisssions, and /wmqfteconsole/UploadUsers, until a patch is available.