CVE-2009-0905
Published Oct 30, 2011
Last updated 7 years ago
Overview
- Description
- IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 1.7
- Impact score
- 2.9
- Exploitability score
- 3.1
- Vector string
- AV:L/AC:L/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Social media
- Hype score
- Not currently trending
Evaluator
- Comment
- Per: http://xforce.iss.net/xforce/xfdb/51042 'Note: This vulnerability only affects platforms where group names are limited to 12 characters in length.IB'
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6D2279B-482A-4CA6-9EF2-C57A95969BC2"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F36C644-664C-4758-9762-E808C80AE904"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C670A3F-7BBB-4115-A037-B5E732ABB6BA"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24CD8F97-39E0-455C-92CA-F0FE9AE5A0CC"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C97EC1D0-CA59-4E2C-84EB-054BF27D1BCF"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CCD33A5-6567-43CB-909D-D1851ACF4AA8"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3664585-D0B4-467C-9B6D-4F8E239F7DCD"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2216808-BAE9-4034-9618-5EC4CCB80E7F"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B6263B9D-A62A-4E41-958A-968F9ACA0CE6"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "19983CDF-4769-4B56-98ED-CE7EE0C1AFF6"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9377F533-15D0-4F81-B7C1-A84E5346EF6C"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "594287A4-AF30-4872-A5B8-1421FAB5C674"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "896273C9-11F9-45A0-BA46-66F37DFACCC7"
},
{
"criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF396289-8409-4FE2-96DB-99818D5680B4"
}
],
"operator": "OR"
}
]
}
]