CVE-2012-3317

high

Description

IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/77818

http://www.ibm.com/support/docview.wss?uid=swg21611401

http://www-01.ibm.com/support/docview.wss?uid=swg1IC85477

Details

Source: Mitre, NVD

Published: 2012-12-05

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0005