CVE-2012-3317
First published: Wed Dec 05 2012(Updated: )
IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Message Broker | =6.1 | |
| IBM WebSphere Message Broker | =6.1.0.1 | |
| IBM WebSphere Message Broker | =6.1.0.2 | |
| IBM WebSphere Message Broker | =6.1.0.3 | |
| IBM WebSphere Message Broker | =6.1.0.4 | |
| IBM WebSphere Message Broker | =6.1.0.5 | |
| IBM WebSphere Message Broker | =6.1.0.6 | |
| IBM WebSphere Message Broker | =6.1.0.7 | |
| IBM WebSphere Message Broker | =6.1.0.8 | |
| IBM WebSphere Message Broker | =6.1.0.9 | |
| IBM WebSphere Message Broker | =6.1.0.10 | |
| IBM WebSphere Message Broker | =7.0. | |
| IBM WebSphere Message Broker | =7.0.0.1 | |
| IBM WebSphere Message Broker | =7.0.0.2 | |
| IBM WebSphere Message Broker | =7.0.0.3 | |
| IBM WebSphere Message Broker | =7.0.0.4 | |
| IBM WebSphere Message Broker | =8.0 | |
| IBM WebSphere Message Broker | =8.0.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-3317?
CVE-2012-3317 is classified as a privilege escalation vulnerability.
How do I fix CVE-2012-3317?
To fix CVE-2012-3317, apply the latest patches provided by IBM for the affected versions of WebSphere Message Broker.
Who is affected by CVE-2012-3317?
CVE-2012-3317 affects users of IBM WebSphere Message Broker versions 6.1, 7.0, and 8.0 prior to their respective patch levels.
What could happen if CVE-2012-3317 is exploited?
If exploited, CVE-2012-3317 could allow local users to gain unauthorized privileges on affected systems.
Is CVE-2012-3317 a local or remote vulnerability?
CVE-2012-3317 is a local vulnerability, meaning it requires local access to the affected systems to exploit.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm websphere message broker
- version/ibm websphere message broker/6.1
- version/ibm websphere message broker/6.1.0.1
- version/ibm websphere message broker/6.1.0.2
- version/ibm websphere message broker/6.1.0.3
- version/ibm websphere message broker/6.1.0.4
- version/ibm websphere message broker/6.1.0.5
- version/ibm websphere message broker/6.1.0.6
- version/ibm websphere message broker/6.1.0.7
- version/ibm websphere message broker/6.1.0.8
- version/ibm websphere message broker/6.1.0.9
- version/ibm websphere message broker/6.1.0.10
- version/ibm websphere message broker/7.0.
- version/ibm websphere message broker/7.0.0.1
- version/ibm websphere message broker/7.0.0.2
- version/ibm websphere message broker/7.0.0.3
- version/ibm websphere message broker/7.0.0.4
- version/ibm websphere message broker/8.0
- version/ibm websphere message broker/8.0.0.1