Vulnerability Details CVE-2009-0905
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 15.1%
CVSS Severity
CVSS v2 Score 1.7
References
Products affected by CVE-2009-0905
-
cpe:2.3:a:ibm:websphere_mq:6.0
-
cpe:2.3:a:ibm:websphere_mq:6.0.1.0
-
cpe:2.3:a:ibm:websphere_mq:6.0.1.1
-
cpe:2.3:a:ibm:websphere_mq:6.0.2.0
-
cpe:2.3:a:ibm:websphere_mq:6.0.2.1
-
cpe:2.3:a:ibm:websphere_mq:6.0.2.2
-
cpe:2.3:a:ibm:websphere_mq:6.0.2.3
-
cpe:2.3:a:ibm:websphere_mq:6.0.2.4
-
cpe:2.3:a:ibm:websphere_mq:6.0.2.5
-
cpe:2.3:a:ibm:websphere_mq:6.0.2.6
-
cpe:2.3:a:ibm:websphere_mq:6.0.2.7
-
cpe:2.3:a:ibm:websphere_mq:7.0
-
cpe:2.3:a:ibm:websphere_mq:7.0.0.1
-
cpe:2.3:a:ibm:websphere_mq:7.0.0.2