CVE-2009-0905

Published Oct 30, 2011

Last updated 8 years ago

CVSS info 1.7

Overview

Description: IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 1.7
Impact score: 2.9
Exploitability score: 3.1
Vector string: AV:L/AC:L/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Evaluator

Comment: Per: http://xforce.iss.net/xforce/xfdb/51042 'Note: This vulnerability only affects platforms where group names are limited to 12 characters in length.IB'
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6D2279B-482A-4CA6-9EF2-C57A95969BC2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F36C644-664C-4758-9762-E808C80AE904"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C670A3F-7BBB-4115-A037-B5E732ABB6BA"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24CD8F97-39E0-455C-92CA-F0FE9AE5A0CC"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C97EC1D0-CA59-4E2C-84EB-054BF27D1BCF"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CCD33A5-6567-43CB-909D-D1851ACF4AA8"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3664585-D0B4-467C-9B6D-4F8E239F7DCD"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2216808-BAE9-4034-9618-5EC4CCB80E7F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6263B9D-A62A-4E41-958A-968F9ACA0CE6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19983CDF-4769-4B56-98ED-CE7EE0C1AFF6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:6.0.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9377F533-15D0-4F81-B7C1-A84E5346EF6C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "594287A4-AF30-4872-A5B8-1421FAB5C674"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "896273C9-11F9-45A0-BA46-66F37DFACCC7"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF396289-8409-4FE2-96DB-99818D5680B4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References