August 13, 2012

IBM MQ FTE Vulnerabilities

In the past month I conducted a penetration test on IBM MQ File Transfer Edition; as a result, I found two main vulnerabilities: CSRF and insufficient access control to files of other users.

I would like to share the vulnerabilities that I found:
1. Insufficient access control - CVE-2012-2206 (IBM), exploitation methods (Exploit-DB).
2. CSRF - CVE-2012-3294 (IBM), exploitation methods (Exploit-DB).