Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0905

Overview

Vulnerability Score 1.7 1.7
CVE Id CVE-2009-0905
Last Modified 29 Feb 2012 12:00:00
Published 30 Oct 2011 03:55:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-0905

Summary

IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.

Vulnerable Systems

Application

  • Ibm Websphere Mq 6.0

  • Ibm Websphere Mq 6.0.1.0

  • Ibm Websphere Mq 6.0.1.1

  • Ibm Websphere Mq 6.0.2.0

  • Ibm Websphere Mq 6.0.2.1

  • Ibm Websphere Mq 6.0.2.2

  • Ibm Websphere Mq 6.0.2.3

  • Ibm Websphere Mq 6.0.2.4

  • Ibm Websphere Mq 6.0.2.5

  • Ibm Websphere Mq 6.0.2.6

  • Ibm Websphere Mq 6.0.2.7

  • Ibm Websphere Mq 7.0

  • Ibm Websphere Mq 7.0.0.1

  • Ibm Websphere Mq 7.0.0.2


References

XF - websphere-mq-group-weak-security(51042)

AIXAPAR - IZ37102


Last Updated: 27 May 2016 10:50:24