CVE-2009-0900

Published Oct 30, 2011

Last updated 7 years ago

Overview

Description: Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.1
Impact score: 6.4
Exploitability score: 2.7
Vector string: AV:L/AC:M/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6D2279B-482A-4CA6-9EF2-C57A95969BC2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F36C644-664C-4758-9762-E808C80AE904"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C670A3F-7BBB-4115-A037-B5E732ABB6BA"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24CD8F97-39E0-455C-92CA-F0FE9AE5A0CC"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C97EC1D0-CA59-4E2C-84EB-054BF27D1BCF"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CCD33A5-6567-43CB-909D-D1851ACF4AA8"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3664585-D0B4-467C-9B6D-4F8E239F7DCD"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2216808-BAE9-4034-9618-5EC4CCB80E7F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6263B9D-A62A-4E41-958A-968F9ACA0CE6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19983CDF-4769-4B56-98ED-CE7EE0C1AFF6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFF09F4C-9F56-4931-8839-044491B5FA40"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "594287A4-AF30-4872-A5B8-1421FAB5C674"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "896273C9-11F9-45A0-BA46-66F37DFACCC7"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF396289-8409-4FE2-96DB-99818D5680B4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References