CVE-2009-0439
https://notcve.org/view.php?id=CVE-2009-0439
Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.
• http://osvdb.org/52297
• http://secunia.com/advisories/34034
• http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27006037
• http://www-1.ibm.com/support/docview.wss?uid=swg1IZ40824
• http://www.securityfocus.com/bid/33857
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48529
• CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-1592
https://notcve.org/view.php?id=CVE-2008-1592
MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels."
• http://secunia.com/advisories/29360
• http://securitytracker.com/id?1019610
• http://www-1.ibm.com/support/docview.wss?uid=swg21297035
• http://www.securityfocus.com/bid/28235
• http://www.vupen.com/english/advisories/2008/0869
• CWE-264: Permissions, Privileges, and Access Controls

CVE-2007-6705
https://notcve.org/view.php?id=CVE-2007-6705
The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.
• http://osvdb.org/43167
• http://securitytracker.com/id?1019529
• http://www-1.ibm.com/support/docview.wss?uid=swg1IC50431
• CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-1130
https://notcve.org/view.php?id=CVE-2008-1130
Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.
• http://secunia.com/advisories/29170
• http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg1IZ01272
• http://www.securityfocus.com/bid/28046
• http://www.securitytracker.com/id?1019527
• http://www.vupen.com/english/advisories/2008/0719
• CWE-287: Improper Authentication

CVE-2007-6044
https://notcve.org/view.php?id=CVE-2007-6044
Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
• http://osvdb.org/45302
• http://securityreason.com/securityalert/3381
• http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM
• http://www.securityfocus.com/archive/1/483708/100/0/threaded
• http://www.securityfocus.com/bid/26441
• CWE-399: Resource Management Errors