CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-6705
https://notcve.org/view.php?id=CVE-2007-6705
09 Mar 2008 — The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process. El cliente WebSphere MQ XA 5.3 antes de FP13 y 6.0.x antes de 6.0.2.1 para Windows, cuando se ejecuta en un entorno MTS o COM+, garantiza el privilegio PROCESS_DUP_HANDLE al grupo Everyon... • http://osvdb.org/43167 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1130
https://notcve.org/view.php?id=CVE-2008-1130
04 Mar 2008 — Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel. Vulnerabilidad no especificada en IBM WebSphere MQ 6.0.x versiones anteriores a 6.0.2.2 y 5.3 versiones anteriores Fix Pack 14 permite a atacantes evitar restricciones de acceso para un gestor de colas a través un canal SVRCONN (MQ client). • http://secunia.com/advisories/29170 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6044
https://notcve.org/view.php?id=CVE-2007-6044
20 Nov 2007 — Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Múltiples vulnerabilidades no especificadas en IBM WebSphere MQ 6.0 tienen un impacto desconocido y vectores de ataque remotos que afectan al "consumo de memoria." ... • http://osvdb.org/45302 • CWE-399: Resource Management Errors •