CVE-2009-0905
IBM WebSphere MQ 6.0-6.0.2.7 and 7.0 - Privilege Escalation via Long Group Name Handling
Title source: llmDescription
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
References (2)
Core 2
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=swg1IZ37102
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51042
Scores
EPSS
0.0024
EPSS Percentile
14.4%
Details
CWE
CWE-20
Status
published
Products (14)
ibm/websphere_mq
6.0
ibm/websphere_mq
6.0.1.0
ibm/websphere_mq
6.0.1.1
ibm/websphere_mq
6.0.2.0
ibm/websphere_mq
6.0.2.1
ibm/websphere_mq
6.0.2.2
ibm/websphere_mq
6.0.2.3
ibm/websphere_mq
6.0.2.4
ibm/websphere_mq
6.0.2.5
ibm/websphere_mq
6.0.2.6
... and 4 more
Published
Oct 30, 2011
Tracked Since
Feb 18, 2026