| Vulnerability Name: | CVE-2009-0439 (CCN-48529) | ||||||||
| Assigned: | 2009-02-23 | ||||||||
| Published: | 2009-02-23 | ||||||||
| Updated: | 2017-08-08 | ||||||||
| Summary: | Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands. | ||||||||
| CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-noinfo CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2009-0439 Source: OSVDB Type: UNKNOWN 52297 Source: CCN Type: SA34034 IBM WebSphere MQ Queue Manager Privilege Escalation Source: SECUNIA Type: UNKNOWN 34034 Source: CCN Type: IBM Web site WebSphere MQ Source: CCN Type: IBM Support & downloads Recommended Fixes for WebSphere MQ Source: MISC Type: Patch http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037 Source: AIXAPAR Type: UNKNOWN IZ40824 Source: CCN Type: OSVDB ID: 52297 IBM WebSphere MQ (WMQ) Queue Manager Multiple Authorization Command Local Privilege Escalation Source: BID Type: UNKNOWN 33857 Source: CCN Type: BID-33857 IBM WebSphere MQ Queue Manager Multiple Local Privilege Escalation Vulnerabilities Source: XF Type: UNKNOWN websphere-mq-privilege-escalation(48529) Source: XF Type: UNKNOWN websphere-mq-privilege-escalation(48529) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||