CVE-2009-0905

high

Description

IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/51042

http://www.ibm.com/support/docview.wss?uid=swg1IZ37102

Details

Source: Mitre, NVD

Published: 2011-10-30

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00049