*Exploit Author:* Nir Valtman
*Affected Platforms: *Version 7.0.4 and all previous versions of
WebSphereMQ File Transfer
on all platforms are affected.
published the CVE above without mentioning my name, since I found it in the
same time while IBM's team found it. This mail contains the exploitation
methods of the CVE
*Description:* Malicious user is able to access other user's files and
*1. Privilege escalation to view other user's files and filespace*
I logged on using user "user2" (non-administrative account
with download\upload files permissions only) and then sent a GET request to
the following URL:
As a result, the response included the data of "user1".
*2. Privilege escalation to download user user's files*
In order to execute the attack, the malicious user should know the file
name and the related ID before executing the attack.
In this scenario, The malicious user is "user2" and the attacked user is
If "user2" knows the url to file of "user1", then he can access this file,
e.g. "user2" is able to access the following URL using a GET request: