{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-29T00:00:00", "descriptions": [{"lang": "en", "value": "IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "wmb-uninstallerjvm-privilege-escalation(77818)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77818"}, {"name": "IC85477", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21611401"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-3317", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "wmb-uninstallerjvm-privilege-escalation(77818)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77818"}, {"name": "IC85477", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg21611401", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21611401"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:57:50.473Z"}, "title": "CVE Program Container", "references": [{"name": "wmb-uninstallerjvm-privilege-escalation(77818)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77818"}, {"name": "IC85477", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21611401"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-3317", "datePublished": "2012-12-05T11:00:00", "dateReserved": "2012-06-07T00:00:00", "dateUpdated": "2024-08-06T19:57:50.473Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "69C3EE89-7F3F-4578-9EC8-7E03621D0273", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D74569CA-0038-4E8F-82DA-2B1938E3F67D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "59D58AC0-EA2F-4DC4-82C9-C534497EFBD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "95F2360D-24D4-42C2-A0DA-0EC60827E1F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "CE8A9C81-A697-4FD3-8B1D-3C7CFE8D7316", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B1FE3CA-0AE3-44D0-A09D-38731BE07E78", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "66F5CA02-9FAA-4E4F-85AD-159C6634979F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "10C438DC-71DA-4A64-AE9E-B55B0FAFE7D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "5D7EE1CD-4ED8-45B4-892D-E4A7A96EF131", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "533721B3-7F21-4552-BDD1-A871CE5321DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:6.1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "B9A05E66-96E8-49C9-B0AA-192090DF3618", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.:*:*:*:*:*:*:*", "matchCriteriaId": "240F8B7E-D5F2-4450-97D2-45A4E427170D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F76DCB43-6AFF-4C58-B646-423A6CECCA14", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1BC76D23-2211-40D8-8115-382BD7BA6ABD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "BD879AA3-9887-4C8F-BEDB-50A39D193C4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "BA01CDC5-5725-460F-9DAD-B7F8094FAA69", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F93BF57-FD4F-456C-8DFD-CEF8B5AEF35D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B859DAA9-1B0E-47CE-813D-108776C3B239", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300."}, {"lang": "es", "value": "IBM WebSphere Message Broker v6.1 anterior a v6.1.0.11, v7.0 anterior a v7.0.0.5, y v8.0 anterior a v8.0.0.2 tiene la propiedad incorrecta de cierto programa de desinstalaci\u00f3n de Java Runtime Environment (JRE), lo que podr\u00eda permitir a usuarios locales obtener privilegios mediante el aprovechamiento de acceso a uid 501 o gid 300."}], "id": "CVE-2012-3317", "lastModified": "2017-08-29T01:31:53.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-05T11:57:14.757", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21611401"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77818"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}