CVE-2009-0905: Input Validation
First published: Sun Oct 30 2011(Updated: )
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere MQ | =6.0.1.0 | |
| IBM WebSphere MQ | =6.0 | |
| IBM WebSphere MQ | =6.0.2.4 | |
| IBM WebSphere MQ | =6.0.1.1 | |
| IBM WebSphere MQ | =6.0.2.7 | |
| IBM WebSphere MQ | =6.0.2.3 | |
| IBM WebSphere MQ | =6.0.2.1 | |
| IBM WebSphere MQ | =6.0.2.2 | |
| IBM WebSphere MQ | =6.0.2.0 | |
| IBM WebSphere MQ | =6.0.2.5 | |
| IBM WebSphere MQ | =6.0.2.6 | |
| IBM WebSphere MQ | =7.0.0.1 | |
| IBM WebSphere MQ | =7.0.0.2 | |
| IBM WebSphere MQ | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/ibm
- canonical/ibm websphere mq
- version/ibm websphere mq/6.0.1.0
- version/ibm websphere mq/6.0
- version/ibm websphere mq/6.0.2.4
- version/ibm websphere mq/6.0.1.1
- version/ibm websphere mq/6.0.2.7
- version/ibm websphere mq/6.0.2.3
- version/ibm websphere mq/6.0.2.1
- version/ibm websphere mq/6.0.2.2
- version/ibm websphere mq/6.0.2.0
- version/ibm websphere mq/6.0.2.5
- version/ibm websphere mq/6.0.2.6
- version/ibm websphere mq/7.0.0.1
- version/ibm websphere mq/7.0.0.2
- version/ibm websphere mq/7.0