August 13, 2012

IBM MQ FTE Vulnerabilities

In the past month I established penetration test on IBM MQ File Transfer Edition, as result I found two main vulnerabilities: CSRF and insufficient access control to files of other users.

I would like to share the vulnerabilities that I found:
1. Insufficient access control - CVE 2012-2206 (ibm), Exploitation methods (exploit-db).
2. CSRF - CVE 2012-3294 (ibm), Exploitation methods (exploit-db).


1 comment:

  1. Thank you very much for this article, it is so rare to see nowadays written as fervently article. I enjoyed reading it and I learned a lot of things. I will go and continue reading your blog =). Good luck for the future and another one for the quality of it.You can also check out this (http://www.sqiar.com).

    ReplyDelete