Vulnerability Details CVE-2012-5952
IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC89803
- http://www-01.ibm.com/support/docview.wss?uid=swg21623316
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80666
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC89803
- http://www-01.ibm.com/support/docview.wss?uid=swg21623316
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80666
Products affected by CVE-2012-5952
-
cpe:2.3:a:ibm:websphere_message_broker:6.1
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.1
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.10
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.11
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.2
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.3
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.4
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.5
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.6
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.7
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.8
-
cpe:2.3:a:ibm:websphere_message_broker:6.1.0.9
-
cpe:2.3:a:ibm:websphere_message_broker:7.0.
-
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.1
-
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.2
-
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.3
-
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.4
-
cpe:2.3:a:ibm:websphere_message_broker:7.0.0.5
-
cpe:2.3:a:ibm:websphere_message_broker:8.0
-
cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1