CVE-2009-0905Improper Input Validation in IBM Websphere MQ

CWE-20Improper Input Validation3 documents3 sources
Severity
1.7LOWNVD
EPSS
0.0%
top 84.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere MQ
Timeline
PublishedOct 30
Latest updateMay 2

Description

IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.1 | Impact: 2.9

Affected Packages1 packages

NVDibm/websphere_mq14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-8fg6-6hjr-4whj: IBM WebSphere MQ 62022-05-02
CVEList
CVE-2009-0905: IBM WebSphere MQ 62011-10-30
CVE-2009-0905 — Improper Input Validation in IBM | cvebase