
CVSS: 3.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.

• http://osvdb.org/43167
• http://securitytracker.com/id?1019529
• http://www-1.ibm.com/support/docview.wss?uid=swg1IC50431
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.6 | EPSS: 0% | CPEs: 2 | EXPL: 0

Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.

• http://secunia.com/advisories/29170
• http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg1IZ01272
• http://www.securityfocus.com/bid/28046
• http://www.securitytracker.com/id?1019527
• http://www.vupen.com/english/advisories/2008/0719
• CWE-287: Improper Authentication

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

• http://osvdb.org/45302
• http://securityreason.com/securityalert/3381
• http://www.irmplc.com/index.php/111-Vendor-Alerts#IBM
• http://www.securityfocus.com/archive/1/483708/100/0/threaded
• http://www.securityfocus.com/bid/26441
• CWE-399: Resource Management Errors