Lucene search

[email protected]CVE-2007-6705

HistoryMar 09, 2008 - 2:44 a.m.

CVE-2007-6705

2008-03-0902:44:00

CWE-264

[email protected]

web.nvd.nist.gov

websphere mq

xa 5.3

6.0.x

windows

privilege escalation

vulnerability

cve-2007-6705

6.6 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process.

Affected configurations

NVD

Node

ibmwebsphere_mqRange≤5.3fp_13

ibmwebsphere_mqRange≤6.0.2.0

CPENameOperatorVersion
ibm:websphere_mqibm websphere mqle5.3
ibm:websphere_mqibm websphere mqle6.0.2.0

CPE	Name	Operator	Version
ibm:websphere_mq	ibm websphere mq	le	5.3
ibm:websphere_mq	ibm websphere mq	le	6.0.2.0

References

osvdb.org/43167

securitytracker.com/id?1019529

www-1.ibm.com/support/docview.wss?uid=swg1IC50431

6.6 Medium

AI Score

Confidence

High

3.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2007-6705

nvd1 cvelist1 prion1