CVE-2007-6705: IBM WebSphere MQ vulnerability

CWE-264 | 3 documents | 3 sources
Severity: 3.3 LOW (NVD)
EPSS: 0.1% (top 82.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 9
Latest update: May 1

Description

The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.

CVSS vector

AV:L/AC:M/C:N/I:P/A:P
Exploitability: 3.4 | Impact: 4.9

Affected Packages (1 package)

NVD: ibm/websphere_mq 5.3 (+1)

Vulnerability Details (2)

GHSA-gv37-fh2h-fxfw: The WebSphere MQ XA 5 (GHSA, 2022-05-01)
CVE-2007-6705: The WebSphere MQ XA 5 (CVEList, 2008-03-09)