IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
https://exchange.xforce.ibmcloud.com/vulnerabilities/51042
http://www.ibm.com/support/docview.wss?uid=swg1IZ37102
Source: Mitre, NVD
Published: 2011-10-30
Updated: 2026-06-16
Base Score: 1.7
Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:P/A:N
Severity: Low
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: High
EPSS: 0.00049