CVE-2012-5952

CVE Descriptions

IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, and 8.0 before 8.0.0.2 does not validate Basic Authentication credentials before proceeding to WS-Addressing and WS-Security operations, which allows remote attackers to trigger transmission of unauthenticated messages via unspecified vectors.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-287	Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	5		AV:N/AC:L/Au:N/C:N/I:P/A:N	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	1.14%	–	–
2022-02-13	–	–	1.14%	–	–
2022-04-03	–	–	1.14%	–	–
2022-04-24	–	–	1.14%	–	–
2022-07-17	–	–	1.14%	–	–
2022-11-13	–	–	1.14%	–	–
2022-11-20	–	–	1.14%	–	–
2022-12-04	–	–	1.14%	–	–
2023-03-12	–	–	–	0.3%	–
2023-07-09	–	–	–	0.3%	–
2024-01-21	–	–	–	0.3%	–
2024-02-11	–	–	–	0.3%	–
2024-06-02	–	–	–	0.3%	–
2024-12-15	–	–	–	0.3%	–
2024-12-22	–	–	–	0.3%	–
2025-01-19	–	–	–	0.3%	–
2025-01-19	–	–	–	0.3%	–
2025-03-18	–	–	–	–	0.22%
2025-03-30	–	–	–	–	0.22%
2025-04-15	–	–	–	–	0.22%
2025-05-02	–	–	–	–	0.22%
2025-05-04	–	–	–	–	0.22%
2025-05-04	–	–	–	–	0.22,%

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Date	Percentile
2022-02-06	34%
2022-02-13	35%
2022-04-03	56%
2022-04-24	57%
2022-07-17	58%
2022-11-13	59%
2022-11-20	58%
2022-12-04	59%
2023-03-12	65%
2023-07-09	66%
2024-01-21	67%
2024-02-11	69%
2024-06-02	7%
2024-12-15	71%
2024-12-22	69%
2025-01-19	7%
2025-01-19	7%
2025-03-18	42%
2025-03-30	41%
2025-04-15	44%
2025-05-02	45%
2025-05-04	44%
2025-05-04	44%

Products Mentioned

Configuraton 0

Ibm>>Websphere_message_broker >> Version 6.1

Ibm>>Websphere_message_broker >> Version 6.1 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 6.1.0.1

Ibm>>Websphere_message_broker >> Version 6.1.0.1 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 6.1.0.2

Ibm>>Websphere_message_broker >> Version 6.1.0.2 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 6.1.0.3

Ibm>>Websphere_message_broker >> Version 6.1.0.3 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 6.1.0.4

Ibm>>Websphere_message_broker >> Version 6.1.0.4 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 6.1.0.5

Ibm>>Websphere_message_broker >> Version 6.1.0.5 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 6.1.0.6

Ibm>>Websphere_message_broker >> Version 6.1.0.6 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 6.1.0.7

Ibm>>Websphere_message_broker >> Version 6.1.0.7 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 6.1.0.8

Ibm>>Websphere_message_broker >> Version 6.1.0.8 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 6.1.0.9

Ibm>>Websphere_message_broker >> Version 6.1.0.9 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 6.1.0.10

Ibm>>Websphere_message_broker >> Version 6.1.0.10 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 6.1.0.11

Ibm>>Websphere_message_broker >> Version 6.1.0.11 (Open CPE detail)

Configuraton 0

Ibm>>Websphere_message_broker >> Version 7.0.

Ibm>>Websphere_message_broker >> Version 7.0. (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 7.0.0.1

Ibm>>Websphere_message_broker >> Version 7.0.0.1 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 7.0.0.2

Ibm>>Websphere_message_broker >> Version 7.0.0.2 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 7.0.0.3

Ibm>>Websphere_message_broker >> Version 7.0.0.3 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 7.0.0.4

Ibm>>Websphere_message_broker >> Version 7.0.0.4 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 7.0.0.5

Ibm>>Websphere_message_broker >> Version 7.0.0.5 (Open CPE detail)

Configuraton 0

Ibm>>Websphere_message_broker >> Version 8.0

Ibm>>Websphere_message_broker >> Version 8.0 (Open CPE detail)

Ibm>>Websphere_message_broker >> Version 8.0.0.1

Ibm>>Websphere_message_broker >> Version 8.0.0.1 (Open CPE detail)

References

http://www-01.ibm.com/support/docview.wss?uid=swg21623316
Tags : x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IC89803
Tags : vendor-advisory, x_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/80666
Tags : vdb-entry, x_refsource_XF

CVE-2012-5952 : Detail

CVE-2012-5952

CVE Descriptions

CVE Informations

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Products Mentioned

Configuraton 0

Configuraton 0

Configuraton 0

References