What is CVE-2012-6274?

CVE-2012-6274 is a vulnerability in Bigantsoft Bigant_im_message_server, classified under Improper Authentication. Published 2013-02-24.

Is CVE-2012-6274 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Bigantsoft Bigant_im_message_server

CVE-2012-6274

BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.

Vulnerability class: Broken Authentication

EPSS: 0.753 (98.9th percentile) — read the EPSS interpretation.

Affected products

Bigantsoft Bigant_im_message_server
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

rapid7/metasploit-framework

References

VU#990652 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)

Frequently asked questions

What is CVE-2012-6274?: CVE-2012-6274 is a vulnerability in Bigantsoft Bigant_im_message_server, classified under Improper Authentication. Published 2013-02-24.
Is CVE-2012-6274 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.