CVE-2009-0905

IBM WebSphere MQ 6.0-6.0.2.7 and 7.0 - Privilege Escalation via Long Group Name Handling

Title source: llm
STIX 2.1

Description

IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.

References (2)

Core 2
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=swg1IZ37102
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51042

Scores

EPSS 0.0024
EPSS Percentile 14.4%

Details

CWE
CWE-20
Status published
Products (14)
ibm/websphere_mq 6.0
ibm/websphere_mq 6.0.1.0
ibm/websphere_mq 6.0.1.1
ibm/websphere_mq 6.0.2.0
ibm/websphere_mq 6.0.2.1
ibm/websphere_mq 6.0.2.2
ibm/websphere_mq 6.0.2.3
ibm/websphere_mq 6.0.2.4
ibm/websphere_mq 6.0.2.5
ibm/websphere_mq 6.0.2.6
... and 4 more
Published Oct 30, 2011
Tracked Since Feb 18, 2026