VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 30, 2011· Updated Apr 29, 2026

CVE-2009-0905

CVE-2009-0905

Description

IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.

Affected products

15
  • IBM/Websphere Mq15 versions
    cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:6.0.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*
    • (no CPE)range: >=6.0, <6.0.2.8; >=7.0, <7.0.1.0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.