Vulnerability Name: | CVE-2009-0905 (CCN-51042) |
Assigned: | 2009-06-05 |
Published: | 2009-06-05 |
Updated: | 2017-08-17 |
Summary: | IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring. Per: http://xforce.iss.net/xforce/xfdb/51042
'Note: This vulnerability only affects platforms where group names are limited to 12 characters in length.IB'
|
CVSS v3 Severity: | 2.8 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
Exploitability Metrics: | Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): Low; User Interaction (UI): Required |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Low; Availability (A): None |
|
CVSS v2 Severity: | 1.7 Low (CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:P/A:N); 1.3 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): Single_Instance |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Partial; Availability (A): None |
CCN CVSS v2 Severity: | 1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:P/A:N); 1.3 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: | Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): Single_Instance |
Impact Metrics: | Confidentiality (C): None; Integrity (I): Partial; Availability (A): None |
|
Vulnerability Type: | CWE-20
|
Vulnerability Consequences: | Other |
References: | Source: MITRE Type: CNA CVE-2009-0905
Source: CCN Type: IBM Web site WebSphere MQ planned maintenance release dates
Source: AIXAPAR Type: UNKNOWN IZ37102
Source: CCN Type: OSVDB ID: 76873 IBM WebSphere MQ Long Group Name Parsing Local Privilege Escalation
Source: XF Type: UNKNOWN websphere-mq-group-weak-security(51042)
|
Vulnerable Configuration: | Configuration 1:
cpe:/a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:6.0.2.7:*:*:*:*:*:*:*
Configuration 2:
cpe:/a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*
OR cpe:/a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*
|