CVE-2009-0900

IBM WebSphere MQ 6.0-6.0.2.6 and 7.0-7.0.0.9 - Local Privilege Escalation via Crafted SSL Information in CCDT File

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 before 6.0.2.7 and 7.0 before 7.0.1.0 allows local users to gain privileges via crafted SSL information in a Client Channel Definition Table (CCDT) file.

References (2)

Core 2
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=swg1IC59375
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51038

Scores

EPSS 0.0032
EPSS Percentile 24.1%

Details

CWE
CWE-119
Status published
Products (14)
ibm/websphere_mq 6.0
ibm/websphere_mq 6.0.1.0
ibm/websphere_mq 6.0.1.1
ibm/websphere_mq 6.0.2.0
ibm/websphere_mq 6.0.2.1
ibm/websphere_mq 6.0.2.2
ibm/websphere_mq 6.0.2.3
ibm/websphere_mq 6.0.2.4
ibm/websphere_mq 6.0.2.5
ibm/websphere_mq 6.0.2.6
... and 4 more
Published Oct 30, 2011
Tracked Since Feb 18, 2026