All the vulnerabilites related to ibm - lotus_domino
cve-2008-2240
Vulnerability from cvelistv5
Published
2008-05-22 10:00
Modified
2024-08-07 08:49
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.attrition.org/pipermail/vim/2008-May/001988.html | mailing-list, x_refsource_VIM | |
| http://www.vupen.com/english/advisories/2008/1597 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30310 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.attrition.org/pipermail/vim/2008-May/001989.html | mailing-list, x_refsource_VIM | |
| http://secunia.com/advisories/30332 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42552 | vdb-entry, x_refsource_XF | |
| http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-language-stack-overflow_2008-05-20.pdf | x_refsource_MISC | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21303057 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/29310 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1020098 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:58.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080522 Who\u0027s Right",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2008-May/001988.html"
},
{
"name": "ADV-2008-1597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1597"
},
{
"name": "30310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30310"
},
{
"name": "20080522 Who\u0027s Right",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2008-May/001989.html"
},
{
"name": "30332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30332"
},
{
"name": "ibm-lotusdomino-acceptlanguage-bo(42552)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42552"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-language-stack-overflow_2008-05-20.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303057"
},
{
"name": "29310",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29310"
},
{
"name": "1020098",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080522 Who\u0027s Right",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2008-May/001988.html"
},
{
"name": "ADV-2008-1597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1597"
},
{
"name": "30310",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30310"
},
{
"name": "20080522 Who\u0027s Right",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2008-May/001989.html"
},
{
"name": "30332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30332"
},
{
"name": "ibm-lotusdomino-acceptlanguage-bo(42552)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42552"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-language-stack-overflow_2008-05-20.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303057"
},
{
"name": "29310",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29310"
},
{
"name": "1020098",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080522 Who\u0027s Right",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2008-May/001988.html"
},
{
"name": "ADV-2008-1597",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1597"
},
{
"name": "30310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30310"
},
{
"name": "20080522 Who\u0027s Right",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2008-May/001989.html"
},
{
"name": "30332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30332"
},
{
"name": "ibm-lotusdomino-acceptlanguage-bo(42552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42552"
},
{
"name": "http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-language-stack-overflow_2008-05-20.pdf",
"refsource": "MISC",
"url": "http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-language-stack-overflow_2008-05-20.pdf"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21303057",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303057"
},
{
"name": "29310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29310"
},
{
"name": "1020098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2240",
"datePublished": "2008-05-22T10:00:00",
"dateReserved": "2008-05-16T00:00:00",
"dateUpdated": "2024-08-07T08:49:58.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0927
Vulnerability from cvelistv5
Published
2010-03-05 17:00
Modified
2024-09-16 19:31
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38481 | vdb-entry, x_refsource_BID | |
| http://www.cybsec.com/vuln/CYBSEC_Advisory_2010_0301_IBM_%20Lotus_Dominio_Readme_nsf_Reflected_XSS.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38481",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38481"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Advisory_2010_0301_IBM_%20Lotus_Dominio_Readme_nsf_Reflected_XSS.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-05T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38481",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38481"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Advisory_2010_0301_IBM_%20Lotus_Dominio_Readme_nsf_Reflected_XSS.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38481"
},
{
"name": "http://www.cybsec.com/vuln/CYBSEC_Advisory_2010_0301_IBM_%20Lotus_Dominio_Readme_nsf_Reflected_XSS.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/CYBSEC_Advisory_2010_0301_IBM_%20Lotus_Dominio_Readme_nsf_Reflected_XSS.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0927",
"datePublished": "2010-03-05T17:00:00Z",
"dateReserved": "2010-03-05T00:00:00Z",
"dateUpdated": "2024-09-16T19:31:44.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4064
Vulnerability from cvelistv5
Published
2013-12-21 11:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9ARMFA.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86595 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21659959 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-inotes-cve20134064-xss(86595)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86595"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9ARMFA."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-inotes-cve20134064-xss(86595)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86595"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9ARMFA."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-inotes-cve20134064-xss(86595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86595"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4064",
"datePublished": "2013-12-21T11:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1505
Vulnerability from cvelistv5
Published
2011-03-22 17:00
Modified
2024-08-06 22:28
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 services for Lotus Domino has unknown impact and attack vectors, aka SPR ESEO8DQME2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66142 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/43689 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ibm.com/support/docview.wss?uid=swg1LO58209 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.securityfocus.com/bid/46903 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1025228 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2011/0707 | vdb-entry, x_refsource_VUPEN | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27013341 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-lotusquickr-unspecified(66142)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66142"
},
{
"name": "43689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43689"
},
{
"name": "LO58209",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1LO58209"
},
{
"name": "46903",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46903"
},
{
"name": "1025228",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025228"
},
{
"name": "ADV-2011-0707",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0707"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 services for Lotus Domino has unknown impact and attack vectors, aka SPR ESEO8DQME2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ibm-lotusquickr-unspecified(66142)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66142"
},
{
"name": "43689",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43689"
},
{
"name": "LO58209",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1LO58209"
},
{
"name": "46903",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46903"
},
{
"name": "1025228",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025228"
},
{
"name": "ADV-2011-0707",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0707"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 services for Lotus Domino has unknown impact and attack vectors, aka SPR ESEO8DQME2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-lotusquickr-unspecified(66142)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66142"
},
{
"name": "43689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43689"
},
{
"name": "LO58209",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1LO58209"
},
{
"name": "46903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46903"
},
{
"name": "1025228",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025228"
},
{
"name": "ADV-2011-0707",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0707"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1505",
"datePublished": "2011-03-22T17:00:00",
"dateReserved": "2011-03-22T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1520
Vulnerability from cvelistv5
Published
2011-03-25 19:00
Modified
2024-08-06 22:28
Severity ?
EPSS score ?
Summary
The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-11-110 | x_refsource_MISC | |
| http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html | x_refsource_MISC | |
| http://www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/517119/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/8164 | third-party-advisory, x_refsource_SREASON | |
| http://www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-110"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument"
},
{
"name": "20110322 ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517119/100/0/threaded"
},
{
"name": "8164",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-110"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument"
},
{
"name": "20110322 ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517119/100/0/threaded"
},
{
"name": "8164",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-110",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-110"
},
{
"name": "http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html",
"refsource": "MISC",
"url": "http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html"
},
{
"name": "http://www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument",
"refsource": "MISC",
"url": "http://www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument"
},
{
"name": "20110322 ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517119/100/0/threaded"
},
{
"name": "8164",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8164"
},
{
"name": "http://www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password",
"refsource": "CONFIRM",
"url": "http://www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1520",
"datePublished": "2011-03-25T19:00:00",
"dateReserved": "2011-03-25T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0487
Vulnerability from cvelistv5
Published
2013-03-27 10:00
Modified
2024-08-06 14:25
Severity ?
EPSS score ?
Summary
The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81852 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21627597 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:10.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "domino-controller-auth-bypass(81852)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81852"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "domino-controller-auth-bypass(81852)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81852"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "domino-controller-auth-bypass(81852)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81852"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0487",
"datePublished": "2013-03-27T10:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:25:10.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0669
Vulnerability from cvelistv5
Published
2004-07-13 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16575 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=108869022708571&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/10642 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:27.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lotus-quota-change(16575)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16575"
},
{
"name": "20040630 Unprevileged user can change quota on Domino",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108869022708571\u0026w=2"
},
{
"name": "10642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "lotus-quota-change(16575)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16575"
},
{
"name": "20040630 Unprevileged user can change quota on Domino",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108869022708571\u0026w=2"
},
{
"name": "10642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lotus-quota-change(16575)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16575"
},
{
"name": "20040630 Unprevileged user can change quota on Domino",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108869022708571\u0026w=2"
},
{
"name": "10642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0669",
"datePublished": "2004-07-13T04:00:00",
"dateReserved": "2004-07-12T00:00:00",
"dateUpdated": "2024-08-08T00:24:27.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3575
Vulnerability from cvelistv5
Published
2011-09-17 10:00
Modified
2024-08-06 23:37
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/49705 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/69802 | vdb-entry, x_refsource_XF | |
| http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211 | x_refsource_MISC | |
| http://www.research.reversingcode.com/exploits/IBMLotusDomino_StackOverflowPoC | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49705",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49705"
},
{
"name": "ibm-lotus-domino-hpragentname-bo(69802)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69802"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.research.reversingcode.com/exploits/IBMLotusDomino_StackOverflowPoC"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "49705",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49705"
},
{
"name": "ibm-lotus-domino-hpragentname-bo(69802)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69802"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.research.reversingcode.com/exploits/IBMLotusDomino_StackOverflowPoC"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49705"
},
{
"name": "ibm-lotus-domino-hpragentname-bo(69802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69802"
},
{
"name": "http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211",
"refsource": "MISC",
"url": "http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211"
},
{
"name": "http://www.research.reversingcode.com/exploits/IBMLotusDomino_StackOverflowPoC",
"refsource": "MISC",
"url": "http://www.research.reversingcode.com/exploits/IBMLotusDomino_StackOverflowPoC"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3575",
"datePublished": "2011-09-17T10:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-7286
Vulnerability from cvelistv5
Published
2011-03-22 17:00
Modified
2024-09-17 00:15
Severity ?
EPSS score ?
Summary
IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XFXF7JDBCX.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg27013341 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:36.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XFXF7JDBCX."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-22T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XFXF7JDBCX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7286",
"datePublished": "2011-03-22T17:00:00Z",
"dateReserved": "2011-03-22T00:00:00Z",
"dateUpdated": "2024-09-17T00:15:46.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-5060
Vulnerability from cvelistv5
Published
2011-03-22 17:00
Modified
2024-09-16 19:09
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg27013341 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-22T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5060",
"datePublished": "2011-03-22T17:00:00Z",
"dateReserved": "2011-03-22T00:00:00Z",
"dateUpdated": "2024-09-16T19:09:21.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0123
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cert.org/advisories/CA-2003-11.html | third-party-advisory, x_refsource_CERT | |
| http://www.ciac.org/ciac/bulletins/n-065.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| http://marc.info/?l=bugtraq&m=104757545500368&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/7038 | vdb-entry, x_refsource_BID | |
| http://www.rapid7.com/advisories/R7-0011.html | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/411489 | third-party-advisory, x_refsource_CERT-VN | |
| http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11525 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2003-11",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-11.html"
},
{
"name": "N-065",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-065.shtml"
},
{
"name": "20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104757545500368\u0026w=2"
},
{
"name": "7038",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7038"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/advisories/R7-0011.html"
},
{
"name": "VU#411489",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/411489"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=482\u0026q=Domino\u0026uid=swg21105060"
},
{
"name": "lotus-web-retriever-bo(11525)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11525"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2003-11",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-11.html"
},
{
"name": "N-065",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-065.shtml"
},
{
"name": "20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104757545500368\u0026w=2"
},
{
"name": "7038",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7038"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/advisories/R7-0011.html"
},
{
"name": "VU#411489",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/411489"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=482\u0026q=Domino\u0026uid=swg21105060"
},
{
"name": "lotus-web-retriever-bo(11525)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11525"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2003-11",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-11.html"
},
{
"name": "N-065",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-065.shtml"
},
{
"name": "20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104757545500368\u0026w=2"
},
{
"name": "7038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7038"
},
{
"name": "http://www.rapid7.com/advisories/R7-0011.html",
"refsource": "MISC",
"url": "http://www.rapid7.com/advisories/R7-0011.html"
},
{
"name": "VU#411489",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/411489"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=482\u0026q=Domino\u0026uid=swg21105060",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=482\u0026q=Domino\u0026uid=swg21105060"
},
{
"name": "lotus-web-retriever-bo(11525)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11525"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0123",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-03-10T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4842
Vulnerability from cvelistv5
Published
2013-02-27 21:00
Modified
2024-08-06 20:50
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79232 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21614077 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:17.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lotus-domino-names-redirect(79232)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79232"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614077"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "lotus-domino-names-redirect(79232)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79232"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614077"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-4842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lotus-domino-names-redirect(79232)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79232"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21614077",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614077"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-4842",
"datePublished": "2013-02-27T21:00:00",
"dateReserved": "2012-09-06T00:00:00",
"dateUpdated": "2024-08-06T20:50:17.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1739
Vulnerability from cvelistv5
Published
2007-03-28 22:00
Modified
2024-08-07 13:06
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33278 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1017825 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/23173 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/23174 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/24633 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21257248 | x_refsource_CONFIRM | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=494 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.vupen.com/english/advisories/2007/1133 | vdb-entry, x_refsource_VUPEN | |
| http://www.kb.cert.org/vuls/id/927988 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "domino-ldap-bo(33278)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33278"
},
{
"name": "1017825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017825"
},
{
"name": "23173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23173"
},
{
"name": "23174",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23174"
},
{
"name": "24633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24633"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257248"
},
{
"name": "20070328 IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=494"
},
{
"name": "ADV-2007-1133",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1133"
},
{
"name": "VU#927988",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/927988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "domino-ldap-bo(33278)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33278"
},
{
"name": "1017825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017825"
},
{
"name": "23173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23173"
},
{
"name": "23174",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23174"
},
{
"name": "24633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24633"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257248"
},
{
"name": "20070328 IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=494"
},
{
"name": "ADV-2007-1133",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1133"
},
{
"name": "VU#927988",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/927988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "domino-ldap-bo(33278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33278"
},
{
"name": "1017825",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017825"
},
{
"name": "23173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23173"
},
{
"name": "23174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23174"
},
{
"name": "24633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24633"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21257248",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257248"
},
{
"name": "20070328 IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=494"
},
{
"name": "ADV-2007-1133",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1133"
},
{
"name": "VU#927988",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/927988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1739",
"datePublished": "2007-03-28T22:00:00",
"dateReserved": "2007-03-28T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0918
Vulnerability from cvelistv5
Published
2010-03-03 19:00
Modified
2024-08-07 01:06
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56557 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2010/0496 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/38459 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27018109 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inotes-ultralite-unspecified(56557)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56557"
},
{
"name": "ADV-2010-0496",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38459"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "inotes-ultralite-unspecified(56557)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56557"
},
{
"name": "ADV-2010-0496",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38459"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inotes-ultralite-unspecified(56557)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56557"
},
{
"name": "ADV-2010-0496",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0918",
"datePublished": "2010-03-03T19:00:00",
"dateReserved": "2010-03-03T00:00:00",
"dateUpdated": "2024-08-07T01:06:52.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0121
Vulnerability from cvelistv5
Published
2006-01-09 11:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-1.ibm.com/support/docview.wss?uid=swg27007054 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/16158 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/18328 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument&Highlight=0%2CMKIN693QUT | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24223 | vdb-entry, x_refsource_XF | |
| http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument&Highlight=0%2CMKIN67MQVW | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2006/0081 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name": "16158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"name": "18328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18328"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument\u0026Highlight=0%2CMKIN693QUT"
},
{
"name": "lotus-ssl-handshake-dos(24223)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24223"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument\u0026Highlight=0%2CMKIN67MQVW"
},
{
"name": "ADV-2006-0081",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name": "16158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"name": "18328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18328"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument\u0026Highlight=0%2CMKIN693QUT"
},
{
"name": "lotus-ssl-handshake-dos(24223)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24223"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument\u0026Highlight=0%2CMKIN67MQVW"
},
{
"name": "ADV-2006-0081",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name": "16158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16158"
},
{
"name": "18328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18328"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument\u0026Highlight=0,MKIN693QUT",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument\u0026Highlight=0,MKIN693QUT"
},
{
"name": "lotus-ssl-handshake-dos(24223)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24223"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument\u0026Highlight=0,MKIN67MQVW",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument\u0026Highlight=0,MKIN67MQVW"
},
{
"name": "ADV-2006-0081",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0121",
"datePublished": "2006-01-09T11:00:00",
"dateReserved": "2006-01-09T00:00:00",
"dateUpdated": "2024-08-07T16:25:33.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1424
Vulnerability from cvelistv5
Published
2011-05-24 23:00
Modified
2024-08-06 22:28
Severity ?
EPSS score ?
Summary
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/8258 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/518003/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8258",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8258"
},
{
"name": "20110513 ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518003/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of ExShortcut\\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"name": "8258",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8258"
},
{
"name": "20110513 ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518003/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2011-1424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of ExShortcut\\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8258",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8258"
},
{
"name": "20110513 ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518003/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2011-1424",
"datePublished": "2011-05-24T23:00:00",
"dateReserved": "2011-03-14T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0489
Vulnerability from cvelistv5
Published
2013-03-27 10:00
Modified
2024-08-06 14:25
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81854 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21627597 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:10.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "domino-webadmin-csrf(81854)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81854"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "domino-webadmin-csrf(81854)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81854"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "domino-webadmin-csrf(81854)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81854"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0489",
"datePublished": "2013-03-27T10:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:25:10.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3032
Vulnerability from cvelistv5
Published
2013-08-09 19:00
Modified
2024-08-06 16:00
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21644599 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21645503 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84622 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:09.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
},
{
"name": "inotes-cve20133032-xss(84622)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84622"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
},
{
"name": "inotes-cve20133032-xss(84622)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84622"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-3032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
},
{
"name": "inotes-cve20133032-xss(84622)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84622"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-3032",
"datePublished": "2013-08-09T19:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T16:00:09.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3086
Vulnerability from cvelistv5
Published
2014-08-12 00:00
Modified
2024-08-06 10:35
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:55.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680333"
},
{
"name": "69183",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69183"
},
{
"name": "61577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61577"
},
{
"name": "59680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59680"
},
{
"name": "ibm-java-cve20143086-code-exec(94097)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94097"
},
{
"name": "IV62634",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV62634"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334"
},
{
"name": "60622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60622"
},
{
"name": "60081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60081"
},
{
"name": "61640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824"
},
{
"name": "60317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60317"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680333"
},
{
"name": "69183",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69183"
},
{
"name": "61577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61577"
},
{
"name": "59680",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59680"
},
{
"name": "ibm-java-cve20143086-code-exec(94097)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94097"
},
{
"name": "IV62634",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV62634"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334"
},
{
"name": "60622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60622"
},
{
"name": "60081",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60081"
},
{
"name": "61640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824"
},
{
"name": "60317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60317"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-3086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680333",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680333"
},
{
"name": "69183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69183"
},
{
"name": "61577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61577"
},
{
"name": "59680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59680"
},
{
"name": "ibm-java-cve20143086-code-exec(94097)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94097"
},
{
"name": "IV62634",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV62634"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334"
},
{
"name": "60622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60622"
},
{
"name": "60081",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60081"
},
{
"name": "61640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61640"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824"
},
{
"name": "60317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60317"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-3086",
"datePublished": "2014-08-12T00:00:00",
"dateReserved": "2014-04-29T00:00:00",
"dateUpdated": "2024-08-06T10:35:55.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0918
Vulnerability from cvelistv5
Published
2011-02-08 21:00
Modified
2024-08-06 22:05
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/43224 | third-party-advisory, x_refsource_SECUNIA | |
| http://zerodayinitiative.com/advisories/ZDI-11-046/ | x_refsource_MISC | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21461514 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43224",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43224"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-046/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-23T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43224",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43224"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-046/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43224"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-046/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-046/"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514",
"refsource": "MISC",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0918",
"datePublished": "2011-02-08T21:00:00",
"dateReserved": "2011-02-08T00:00:00",
"dateUpdated": "2024-08-06T22:05:54.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0977
Vulnerability from cvelistv5
Published
2007-02-16 01:00
Modified
2024-08-07 12:43
Severity ?
EPSS score ?
Summary
IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/35764 | vdb-entry, x_refsource_OSVDB | |
| https://www.exploit-db.com/exploits/3302 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:21.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35764",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35764"
},
{
"name": "3302",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3302"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus Domino R5 and R6 WebMail, with \"Generate HTML for all fields\" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35764",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35764"
},
{
"name": "3302",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3302"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Lotus Domino R5 and R6 WebMail, with \"Generate HTML for all fields\" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35764",
"refsource": "OSVDB",
"url": "http://osvdb.org/35764"
},
{
"name": "3302",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3302"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0977",
"datePublished": "2007-02-16T01:00:00",
"dateReserved": "2007-02-15T00:00:00",
"dateUpdated": "2024-08-07T12:43:21.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3302
Vulnerability from cvelistv5
Published
2012-08-21 10:00
Modified
2024-08-06 19:57
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21608160 | x_refsource_CONFIRM | |
| http://websecurity.com.ua/5839/ | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77401 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:57:50.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/5839/"
},
{
"name": "lotus-domino-xss(77401)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/5839/"
},
{
"name": "lotus-domino-xss(77401)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77401"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-3302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160"
},
{
"name": "http://websecurity.com.ua/5839/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/5839/"
},
{
"name": "lotus-domino-xss(77401)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77401"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-3302",
"datePublished": "2012-08-21T10:00:00",
"dateReserved": "2012-06-07T00:00:00",
"dateUpdated": "2024-08-06T19:57:50.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4051
Vulnerability from cvelistv5
Published
2013-11-08 02:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4055.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86503 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21652988 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "domino-webadmin-cve20134051-xss(86503)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86503"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4055."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "domino-webadmin-cve20134051-xss(86503)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86503"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4055."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "domino-webadmin-cve20134051-xss(86503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86503"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4051",
"datePublished": "2013-11-08T02:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2667
Vulnerability from cvelistv5
Published
2006-12-29 11:00
Modified
2024-09-16 21:56
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/displayvuln.php?osvdb_id=7268 | vdb-entry, x_refsource_OSVDB | |
| http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21171253 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/11925 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7268",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=7268"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21171253"
},
{
"name": "11925",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-29T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7268",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=7268"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21171253"
},
{
"name": "11925",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11925"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7268",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=7268"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21171253",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21171253"
},
{
"name": "11925",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11925"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2667",
"datePublished": "2006-12-29T11:00:00Z",
"dateReserved": "2006-12-29T00:00:00Z",
"dateUpdated": "2024-09-16T21:56:36.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2712
Vulnerability from cvelistv5
Published
2006-02-15 11:00
Modified
2024-08-07 22:45
Severity ?
EPSS score ?
Summary
The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/16523 | vdb-entry, x_refsource_BID | |
| http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907 | x_refsource_CONFIRM | |
| http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.vupen.com/english/advisories/2006/0526 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24634 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1015611 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:02.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16523",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16523"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21229907"
},
{
"name": "20060213 IBM Lotus Domino Server LDAP DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389"
},
{
"name": "ADV-2006-0526",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0526"
},
{
"name": "domino-ldap-bind-dos(24634)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24634"
},
{
"name": "1015611",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16523",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16523"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21229907"
},
{
"name": "20060213 IBM Lotus Domino Server LDAP DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389"
},
{
"name": "ADV-2006-0526",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0526"
},
{
"name": "domino-ldap-bind-dos(24634)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24634"
},
{
"name": "1015611",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015611"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16523"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21229907",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21229907"
},
{
"name": "20060213 IBM Lotus Domino Server LDAP DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389"
},
{
"name": "ADV-2006-0526",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0526"
},
{
"name": "domino-ldap-bind-dos(24634)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24634"
},
{
"name": "1015611",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015611"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2712",
"datePublished": "2006-02-15T11:00:00",
"dateReserved": "2005-08-26T00:00:00",
"dateUpdated": "2024-08-07T22:45:02.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4823
Vulnerability from cvelistv5
Published
2013-01-11 00:00
Modified
2024-08-06 20:50
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoder defineClass() method."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:17.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:1466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"name": "20120911 [SE-2012-01] Security vulnerabilities in IBM Java",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "IV29687",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29687"
},
{
"name": "55495",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"name": "51327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"name": "ibm-java-defineclass-code-execution(78767)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78767"
},
{
"name": "RHSA-2012:1467",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"name": "51634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51634"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"name": "RHSA-2013:1456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "51326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to \"insecure use of the java.lang.ClassLoder defineClass() method.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "RHSA-2012:1466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"name": "20120911 [SE-2012-01] Security vulnerabilities in IBM Java",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "IV29687",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29687"
},
{
"name": "55495",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"name": "51327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"name": "ibm-java-defineclass-code-execution(78767)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78767"
},
{
"name": "RHSA-2012:1467",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"name": "51634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51634"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"name": "RHSA-2013:1456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "51326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-4823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to \"insecure use of the java.lang.ClassLoder defineClass() method.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:1466",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"name": "20120911 [SE-2012-01] Security vulnerabilities in IBM Java",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "IV29687",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29687"
},
{
"name": "55495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55495"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"name": "51327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51327"
},
{
"name": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546",
"refsource": "CONFIRM",
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"name": "ibm-java-defineclass-code-execution(78767)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78767"
},
{
"name": "RHSA-2012:1467",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"name": "51634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51634"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "51326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-4823",
"datePublished": "2013-01-11T00:00:00",
"dateReserved": "2012-09-06T00:00:00",
"dateUpdated": "2024-08-06T20:50:17.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3990
Vulnerability from cvelistv5
Published
2013-08-09 19:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21644599 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21645503 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84971 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
},
{
"name": "inotes-cve20133990-xss(84971)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
},
{
"name": "inotes-cve20133990-xss(84971)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-3990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
},
{
"name": "inotes-cve20133990-xss(84971)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-3990",
"datePublished": "2013-08-09T19:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0488
Vulnerability from cvelistv5
Published
2013-03-27 10:00
Modified
2024-08-06 14:25
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81853 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21627597 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:10.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "domino-webadmin-xss(81853)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "domino-webadmin-xss(81853)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "domino-webadmin-xss(81853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81853"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0488",
"datePublished": "2013-03-27T10:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:25:10.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0029
Vulnerability from cvelistv5
Published
2004-01-08 05:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/9366 | vdb-entry, x_refsource_BID | |
| http://www.excluded.org/advisories/advisory05.txt | x_refsource_MISC | |
| http://www.securitytracker.com/id?1008623 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/14153 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=107340897710308&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/10566 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/3424 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9366",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9366"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.excluded.org/advisories/advisory05.txt"
},
{
"name": "1008623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1008623"
},
{
"name": "lotus-notes-insecure-permissions(14153)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14153"
},
{
"name": "20040106 Lotus Notes Domino 6.0.2 (linux) faulty default permissions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107340897710308\u0026w=2"
},
{
"name": "10566",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10566"
},
{
"name": "3424",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3424"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9366",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9366"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.excluded.org/advisories/advisory05.txt"
},
{
"name": "1008623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1008623"
},
{
"name": "lotus-notes-insecure-permissions(14153)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14153"
},
{
"name": "20040106 Lotus Notes Domino 6.0.2 (linux) faulty default permissions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107340897710308\u0026w=2"
},
{
"name": "10566",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10566"
},
{
"name": "3424",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3424"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9366",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9366"
},
{
"name": "http://www.excluded.org/advisories/advisory05.txt",
"refsource": "MISC",
"url": "http://www.excluded.org/advisories/advisory05.txt"
},
{
"name": "1008623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1008623"
},
{
"name": "lotus-notes-insecure-permissions(14153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14153"
},
{
"name": "20040106 Lotus Notes Domino 6.0.2 (linux) faulty default permissions",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107340897710308\u0026w=2"
},
{
"name": "10566",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10566"
},
{
"name": "3424",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3424"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0029",
"datePublished": "2004-01-08T05:00:00",
"dateReserved": "2004-01-06T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0914
Vulnerability from cvelistv5
Published
2011-02-08 21:00
Modified
2024-08-06 22:05
Severity ?
EPSS score ?
Summary
Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/43208 | third-party-advisory, x_refsource_SECUNIA | |
| http://zerodayinitiative.com/advisories/ZDI-11-052/ | x_refsource_MISC | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21461514 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43208",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43208"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-052/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-23T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43208",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43208"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-052/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43208",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43208"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-052/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-052/"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0914",
"datePublished": "2011-02-08T21:00:00",
"dateReserved": "2011-02-08T00:00:00",
"dateUpdated": "2024-08-06T22:05:54.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1621
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/404382 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17758 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=109841682529328&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/12891 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/11458 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=109812960023736&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1011779 | vdb-entry, x_refsource_SECTRACK | |
| http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21187833 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:35.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#404382",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/404382"
},
{
"name": "lotus-notes-xss(17758)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17758"
},
{
"name": "20041021 Re: IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] )",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109841682529328\u0026w=2"
},
{
"name": "12891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12891"
},
{
"name": "11458",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11458"
},
{
"name": "20041018 IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] )",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109812960023736\u0026w=2"
},
{
"name": "1011779",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011779"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21187833"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#404382",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/404382"
},
{
"name": "lotus-notes-xss(17758)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17758"
},
{
"name": "20041021 Re: IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] )",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109841682529328\u0026w=2"
},
{
"name": "12891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12891"
},
{
"name": "11458",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11458"
},
{
"name": "20041018 IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] )",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109812960023736\u0026w=2"
},
{
"name": "1011779",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011779"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21187833"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#404382",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/404382"
},
{
"name": "lotus-notes-xss(17758)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17758"
},
{
"name": "20041021 Re: IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] )",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109841682529328\u0026w=2"
},
{
"name": "12891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12891"
},
{
"name": "11458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11458"
},
{
"name": "20041018 IBM Lotus Notes/Domino fails to encode Square Brackets ( [ ] )",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109812960023736\u0026w=2"
},
{
"name": "1011779",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011779"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21187833",
"refsource": "MISC",
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21187833"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1621",
"datePublished": "2005-02-20T05:00:00",
"dateReserved": "2005-02-20T00:00:00",
"dateUpdated": "2024-08-08T01:00:35.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0068
Vulnerability from cvelistv5
Published
2007-06-06 21:00
Modified
2024-08-07 12:03
Severity ?
EPSS score ?
Summary
IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/25520 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21258784 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/2063 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/24322 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/35765 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34718 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25520",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25520"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21258784"
},
{
"name": "ADV-2007-2063",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2063"
},
{
"name": "24322",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24322"
},
{
"name": "35765",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35765"
},
{
"name": "domino-signature-privilege-escalation(34718)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34718"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25520",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25520"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21258784"
},
{
"name": "ADV-2007-2063",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2063"
},
{
"name": "24322",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24322"
},
{
"name": "35765",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35765"
},
{
"name": "domino-signature-privilege-escalation(34718)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34718"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25520",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25520"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21258784",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21258784"
},
{
"name": "ADV-2007-2063",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2063"
},
{
"name": "24322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24322"
},
{
"name": "35765",
"refsource": "OSVDB",
"url": "http://osvdb.org/35765"
},
{
"name": "domino-signature-privilege-escalation(34718)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34718"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0068",
"datePublished": "2007-06-06T21:00:00",
"dateReserved": "2007-01-04T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0086
Vulnerability from cvelistv5
Published
2002-03-07 05:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/8585 | vdb-entry, x_refsource_XF | |
| http://www.esecurityonline.com/advisories/eSO4124.asp | x_refsource_MISC | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21100441 | x_refsource_CONFIRM | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21095569 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/4319 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/8583 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/4317 | vdb-entry, x_refsource_BID | |
| http://www.esecurityonline.com/advisories/eSO4126.asp | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lotus-domino-path-bo(8585)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8585"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.esecurityonline.com/advisories/eSO4124.asp"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21100441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21095569"
},
{
"name": "4319",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4319"
},
{
"name": "lotus-domino-notes-execdirectory-bo(8583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8583"
},
{
"name": "4317",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4317"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.esecurityonline.com/advisories/eSO4126.asp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "lotus-domino-path-bo(8585)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8585"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.esecurityonline.com/advisories/eSO4124.asp"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21100441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21095569"
},
{
"name": "4319",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4319"
},
{
"name": "lotus-domino-notes-execdirectory-bo(8583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8583"
},
{
"name": "4317",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4317"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.esecurityonline.com/advisories/eSO4126.asp"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lotus-domino-path-bo(8585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8585"
},
{
"name": "http://www.esecurityonline.com/advisories/eSO4124.asp",
"refsource": "MISC",
"url": "http://www.esecurityonline.com/advisories/eSO4124.asp"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21100441",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21100441"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21095569",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21095569"
},
{
"name": "4319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4319"
},
{
"name": "lotus-domino-notes-execdirectory-bo(8583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8583"
},
{
"name": "4317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4317"
},
{
"name": "http://www.esecurityonline.com/advisories/eSO4126.asp",
"refsource": "MISC",
"url": "http://www.esecurityonline.com/advisories/eSO4126.asp"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0086",
"datePublished": "2002-03-07T05:00:00",
"dateReserved": "2002-03-06T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0919
Vulnerability from cvelistv5
Published
2011-02-08 21:00
Modified
2024-08-06 22:05
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender address, aka SPR KLYH87LLVJ.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/43224 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21461514 | x_refsource_MISC | |
| http://zerodayinitiative.com/advisories/ZDI-11-045/ | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/516232/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43224",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43224"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-045/"
},
{
"name": "20110207 ZDI-11-045: IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516232/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender address, aka SPR KLYH87LLVJ."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43224",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43224"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-045/"
},
{
"name": "20110207 ZDI-11-045: IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516232/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender address, aka SPR KLYH87LLVJ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43224"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514",
"refsource": "MISC",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-045/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-045/"
},
{
"name": "20110207 ZDI-11-045: IBM Lotus Domino IMAP/POP3 Non-Printable Character Expansion Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516232/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0919",
"datePublished": "2011-02-08T21:00:00",
"dateReserved": "2011-02-08T00:00:00",
"dateUpdated": "2024-08-06T22:05:54.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3510
Vulnerability from cvelistv5
Published
2007-10-29 21:00
Modified
2024-08-07 14:21
Severity ?
EPSS score ?
Summary
Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37365 | vdb-entry, x_refsource_XF | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21270623 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/3598 | vdb-entry, x_refsource_VUPEN | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=605 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securityfocus.com/bid/26176 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/27321 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1018854 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:35.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "domino-imap-bo(37365)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37365"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21270623"
},
{
"name": "ADV-2007-3598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"name": "20071023 IBM Lotus Domino IMAP Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=605"
},
{
"name": "26176",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26176"
},
{
"name": "27321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27321"
},
{
"name": "1018854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018854"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "domino-imap-bo(37365)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37365"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21270623"
},
{
"name": "ADV-2007-3598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"name": "20071023 IBM Lotus Domino IMAP Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=605"
},
{
"name": "26176",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26176"
},
{
"name": "27321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27321"
},
{
"name": "1018854",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018854"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "domino-imap-bo(37365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37365"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21270623",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21270623"
},
{
"name": "ADV-2007-3598",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"name": "20071023 IBM Lotus Domino IMAP Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=605"
},
{
"name": "26176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26176"
},
{
"name": "27321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27321"
},
{
"name": "1018854",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018854"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3510",
"datePublished": "2007-10-29T21:00:00",
"dateReserved": "2007-07-02T00:00:00",
"dateUpdated": "2024-08-07T14:21:35.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2428
Vulnerability from cvelistv5
Published
2005-08-03 04:00
Modified
2024-08-07 22:29
Severity ?
EPSS score ?
Summary
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=112240869130356&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/14389 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/39495/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21212934 | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1014584 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/18462 | vdb-entry, x_refsource_OSVDB | |
| http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf | x_refsource_MISC | |
| http://www.securiteam.com/securitynews/5FP0E15GLQ.html | x_refsource_MISC | |
| http://secunia.com/advisories/16231/ | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/21556 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:29:59.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050726 CYBSEC - Security Advisory: Default Configuration Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112240869130356\u0026w=2"
},
{
"name": "14389",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14389"
},
{
"name": "39495",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39495/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21212934"
},
{
"name": "1014584",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014584"
},
{
"name": "18462",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18462"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securiteam.com/securitynews/5FP0E15GLQ.html"
},
{
"name": "16231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16231/"
},
{
"name": "lotus-domino-names-obtain-information(21556)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21556"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino R5 and R6 WebMail, with \"Generate HTML for all fields\" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-09T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050726 CYBSEC - Security Advisory: Default Configuration Information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112240869130356\u0026w=2"
},
{
"name": "14389",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14389"
},
{
"name": "39495",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39495/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21212934"
},
{
"name": "1014584",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014584"
},
{
"name": "18462",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18462"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securiteam.com/securitynews/5FP0E15GLQ.html"
},
{
"name": "16231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16231/"
},
{
"name": "lotus-domino-names-obtain-information(21556)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21556"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lotus Domino R5 and R6 WebMail, with \"Generate HTML for all fields\" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050726 CYBSEC - Security Advisory: Default Configuration Information",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112240869130356\u0026w=2"
},
{
"name": "14389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14389"
},
{
"name": "39495",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39495/"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21212934",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21212934"
},
{
"name": "1014584",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014584"
},
{
"name": "18462",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18462"
},
{
"name": "http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf"
},
{
"name": "http://www.securiteam.com/securitynews/5FP0E15GLQ.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securitynews/5FP0E15GLQ.html"
},
{
"name": "16231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16231/"
},
{
"name": "lotus-domino-names-obtain-information(21556)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21556"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2428",
"datePublished": "2005-08-03T04:00:00",
"dateReserved": "2005-08-03T00:00:00",
"dateUpdated": "2024-08-07T22:29:59.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4822
Vulnerability from cvelistv5
Published
2013-01-11 00:00
Modified
2024-08-06 20:50
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:16.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:1466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"name": "20120911 [SE-2012-01] Security vulnerabilities in IBM Java",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "IV29665",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29665"
},
{
"name": "55495",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"name": "ibm-java-jlc-code-execution(78766)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78766"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"name": "51327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"name": "RHSA-2012:1467",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"name": "RHSA-2012:1465",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html"
},
{
"name": "51328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51328"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"name": "51634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51634"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"name": "RHSA-2013:1456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "51393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51393"
},
{
"name": "51326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to \"insecure use [of] multiple methods in the java.lang.class class.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "RHSA-2012:1466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"name": "20120911 [SE-2012-01] Security vulnerabilities in IBM Java",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "IV29665",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29665"
},
{
"name": "55495",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"name": "ibm-java-jlc-code-execution(78766)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78766"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"name": "51327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"name": "RHSA-2012:1467",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"name": "RHSA-2012:1465",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html"
},
{
"name": "51328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51328"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"name": "51634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51634"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"name": "RHSA-2013:1456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "51393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51393"
},
{
"name": "51326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-4822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to \"insecure use [of] multiple methods in the java.lang.class class.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:1466",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"name": "20120911 [SE-2012-01] Security vulnerabilities in IBM Java",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "IV29665",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29665"
},
{
"name": "55495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55495"
},
{
"name": "ibm-java-jlc-code-execution(78766)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78766"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"name": "51327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51327"
},
{
"name": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546",
"refsource": "CONFIRM",
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"name": "RHSA-2012:1467",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"name": "RHSA-2012:1465",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html"
},
{
"name": "51328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51328"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"name": "51634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51634"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "51393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51393"
},
{
"name": "51326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-4822",
"datePublished": "2013-01-11T00:00:00",
"dateReserved": "2012-09-06T00:00:00",
"dateUpdated": "2024-08-06T20:50:16.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0919
Vulnerability from cvelistv5
Published
2010-03-03 19:00
Modified
2024-08-07 01:06
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inotes-activex-bo(56555)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555"
},
{
"name": "62612",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62612"
},
{
"name": "1023662",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023662"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808"
},
{
"name": "ADV-2010-0496",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38459"
},
{
"name": "38755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38755"
},
{
"name": "38744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38744"
},
{
"name": "20100301 IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"name": "38457",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38457"
},
{
"name": "38681",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38681"
},
{
"name": "ADV-2010-0495",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0495"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "inotes-activex-bo(56555)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555"
},
{
"name": "62612",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62612"
},
{
"name": "1023662",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023662"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808"
},
{
"name": "ADV-2010-0496",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38459"
},
{
"name": "38755",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38755"
},
{
"name": "38744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38744"
},
{
"name": "20100301 IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"name": "38457",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38457"
},
{
"name": "38681",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38681"
},
{
"name": "ADV-2010-0495",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0495"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inotes-activex-bo(56555)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555"
},
{
"name": "62612",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62612"
},
{
"name": "1023662",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023662"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808"
},
{
"name": "ADV-2010-0496",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"name": "38755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38755"
},
{
"name": "38744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38744"
},
{
"name": "20100301 IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"name": "38457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38457"
},
{
"name": "38681",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38681"
},
{
"name": "ADV-2010-0495",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0495"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0919",
"datePublished": "2010-03-03T19:00:00",
"dateReserved": "2010-03-03T00:00:00",
"dateUpdated": "2024-08-07T01:06:52.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3015
Vulnerability from cvelistv5
Published
2005-09-21 04:00
Modified
2024-09-16 17:02
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/16830 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/14846 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/14845 | vdb-entry, x_refsource_BID | |
| http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg1LO07849&loc=en_US&cs=utf-8&cc=us&lang=all | x_refsource_CONFIRM | |
| http://www-1.ibm.com/support/docview.wss?uid=swg1LO07850 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:30.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16830"
},
{
"name": "14846",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14846"
},
{
"name": "14845",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14845"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg1LO07849\u0026loc=en_US\u0026cs=utf-8\u0026cc=us\u0026lang=all"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO07850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-09-21T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16830",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16830"
},
{
"name": "14846",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14846"
},
{
"name": "14845",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14845"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg1LO07849\u0026loc=en_US\u0026cs=utf-8\u0026cc=us\u0026lang=all"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO07850"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16830"
},
{
"name": "14846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14846"
},
{
"name": "14845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14845"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg1LO07849\u0026loc=en_US\u0026cs=utf-8\u0026cc=us\u0026lang=all",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg1LO07849\u0026loc=en_US\u0026cs=utf-8\u0026cc=us\u0026lang=all"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO07850",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO07850"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3015",
"datePublished": "2005-09-21T04:00:00Z",
"dateReserved": "2005-09-21T00:00:00Z",
"dateUpdated": "2024-09-16T17:02:59.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4819
Vulnerability from cvelistv5
Published
2006-12-29 11:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/alerts/2005/Sep/1014946.html | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/22358 | vdb-entry, x_refsource_XF | |
| http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21217285 | x_refsource_CONFIRM | |
| http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21201845 | x_refsource_MISC | |
| http://www.osvdb.org/displayvuln.php?osvdb_id=19614 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/14901 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014946",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/alerts/2005/Sep/1014946.html"
},
{
"name": "lotusdomino-unknown-xss(22358)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21217285"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21201845"
},
{
"name": "19614",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=19614"
},
{
"name": "14901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014946",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/alerts/2005/Sep/1014946.html"
},
{
"name": "lotusdomino-unknown-xss(22358)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21217285"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21201845"
},
{
"name": "19614",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=19614"
},
{
"name": "14901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014946",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Sep/1014946.html"
},
{
"name": "lotusdomino-unknown-xss(22358)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22358"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21217285",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21217285"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21201845",
"refsource": "MISC",
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21201845"
},
{
"name": "19614",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=19614"
},
{
"name": "14901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4819",
"datePublished": "2006-12-29T11:00:00",
"dateReserved": "2006-12-29T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5700
Vulnerability from cvelistv5
Published
2007-10-29 21:00
Modified
2024-08-07 15:39
Severity ?
EPSS score ?
Summary
The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/40951 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37369 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2007/3598 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/26176 | vdb-entry, x_refsource_BID | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21273266 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/27321 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40951",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40951"
},
{
"name": "domino-lotusscript-information-disclosure(37369)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37369"
},
{
"name": "ADV-2007-3598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"name": "26176",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26176"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21273266"
},
{
"name": "27321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "40951",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40951"
},
{
"name": "domino-lotusscript-information-disclosure(37369)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37369"
},
{
"name": "ADV-2007-3598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"name": "26176",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26176"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21273266"
},
{
"name": "27321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27321"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40951",
"refsource": "OSVDB",
"url": "http://osvdb.org/40951"
},
{
"name": "domino-lotusscript-information-disclosure(37369)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37369"
},
{
"name": "ADV-2007-3598",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"name": "26176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26176"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21273266",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21273266"
},
{
"name": "27321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27321"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5700",
"datePublished": "2007-10-29T21:00:00",
"dateReserved": "2007-10-29T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3576
Vulnerability from cvelistv5
Published
2011-09-17 10:00
Modified
2024-08-06 23:37
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/49701 | vdb-entry, x_refsource_BID | |
| http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49701",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49701"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "49701",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49701"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49701"
},
{
"name": "http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211",
"refsource": "MISC",
"url": "http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3576",
"datePublished": "2011-09-17T10:00:00",
"dateReserved": "2011-09-16T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0117
Vulnerability from cvelistv5
Published
2006-01-09 11:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument | x_refsource_CONFIRM | |
| http://www-1.ibm.com/support/docview.wss?uid=swg27007054 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/16158 | vdb-entry, x_refsource_BID | |
| http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24205 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/18328 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/0081 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name": "16158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument"
},
{
"name": "lotus-cdtomime-dos(24205)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24205"
},
{
"name": "18328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18328"
},
{
"name": "ADV-2006-0081",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving \"CD to MIME Conversion\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name": "16158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument"
},
{
"name": "lotus-cdtomime-dos(24205)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24205"
},
{
"name": "18328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18328"
},
{
"name": "ADV-2006-0081",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving \"CD to MIME Conversion\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name": "16158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16158"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument"
},
{
"name": "lotus-cdtomime-dos(24205)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24205"
},
{
"name": "18328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18328"
},
{
"name": "ADV-2006-0081",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0117",
"datePublished": "2006-01-09T11:00:00",
"dateReserved": "2006-01-09T00:00:00",
"dateUpdated": "2024-08-07T16:25:33.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4594
Vulnerability from cvelistv5
Published
2010-01-09 18:00
Modified
2024-08-07 07:08
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/55548 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27015942 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27016085 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27017776 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:38.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "domino-web-access-unspecified(55548)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55548"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27015942"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27016085"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "domino-web-access-unspecified(55548)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55548"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27015942"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27016085"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "domino-web-access-unspecified(55548)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55548"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27015942",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27015942"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27016085",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27016085"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4594",
"datePublished": "2010-01-09T18:00:00",
"dateReserved": "2010-01-09T00:00:00",
"dateUpdated": "2024-08-07T07:08:38.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5544
Vulnerability from cvelistv5
Published
2007-10-29 21:00
Modified
2024-08-07 15:31
Severity ?
EPSS score ?
Summary
IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/26146 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2007/3598 | vdb-entry, x_refsource_VUPEN | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21257030 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/27321 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:59.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt"
},
{
"name": "26146",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26146"
},
{
"name": "ADV-2007-3598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257030"
},
{
"name": "27321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt"
},
{
"name": "26146",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26146"
},
{
"name": "ADV-2007-3598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257030"
},
{
"name": "27321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27321"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt",
"refsource": "MISC",
"url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt"
},
{
"name": "26146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26146"
},
{
"name": "ADV-2007-3598",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21257030",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257030"
},
{
"name": "27321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27321"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5544",
"datePublished": "2007-10-29T21:00:00",
"dateReserved": "2007-10-18T00:00:00",
"dateUpdated": "2024-08-07T15:31:59.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5011
Vulnerability from cvelistv5
Published
2008-11-10 15:00
Modified
2024-08-07 10:40
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/3081 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/32574 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46463 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/32212 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/49778 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/49777 | vdb-entry, x_refsource_OSVDB | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27013341 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-3081",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3081"
},
{
"name": "32574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32574"
},
{
"name": "lotus-quickr-multiple-unspecified-xss(46463)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46463"
},
{
"name": "32212",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32212"
},
{
"name": "49778",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49778"
},
{
"name": "49777",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/49777"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-3081",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3081"
},
{
"name": "32574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32574"
},
{
"name": "lotus-quickr-multiple-unspecified-xss(46463)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46463"
},
{
"name": "32212",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32212"
},
{
"name": "49778",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49778"
},
{
"name": "49777",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/49777"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-3081",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3081"
},
{
"name": "32574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32574"
},
{
"name": "lotus-quickr-multiple-unspecified-xss(46463)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46463"
},
{
"name": "32212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32212"
},
{
"name": "49778",
"refsource": "OSVDB",
"url": "http://osvdb.org/49778"
},
{
"name": "49777",
"refsource": "OSVDB",
"url": "http://osvdb.org/49777"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5011",
"datePublished": "2008-11-10T15:00:00",
"dateReserved": "2008-11-10T00:00:00",
"dateUpdated": "2024-08-07T10:40:17.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0243
Vulnerability from cvelistv5
Published
2008-01-12 02:00
Modified
2024-08-07 07:39
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/0086 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/27215 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/28411 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-1.ibm.com/support/docview.wss?uid=swg27011539 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39588 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0086",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0086"
},
{
"name": "27215",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27215"
},
{
"name": "28411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28411"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011539"
},
{
"name": "lotus-domino-unspecified-dos(39588)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39588"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0086",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0086"
},
{
"name": "27215",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27215"
},
{
"name": "28411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28411"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011539"
},
{
"name": "lotus-domino-unspecified-dos(39588)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39588"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0086",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0086"
},
{
"name": "27215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27215"
},
{
"name": "28411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28411"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg27011539",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011539"
},
{
"name": "lotus-domino-unspecified-dos(39588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39588"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0243",
"datePublished": "2008-01-12T02:00:00",
"dateReserved": "2008-01-11T00:00:00",
"dateUpdated": "2024-08-07T07:39:34.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0122
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cert.org/advisories/CA-2003-11.html | third-party-advisory, x_refsource_CERT | |
| http://www.ciac.org/ciac/bulletins/n-065.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11526 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.rapid7.com/advisories/R7-0010.html | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/433489 | third-party-advisory, x_refsource_CERT-VN | |
| http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/7037 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=104757319829443&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2003-11",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-11.html"
},
{
"name": "N-065",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-065.shtml"
},
{
"name": "lotus-nrpc-bo(11526)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11526"
},
{
"name": "20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rapid7.com/advisories/R7-0010.html"
},
{
"name": "VU#433489",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/433489"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=482\u0026q=Domino\u0026uid=swg21105101"
},
{
"name": "7037",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7037"
},
{
"name": "20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104757319829443\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2003-11",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-11.html"
},
{
"name": "N-065",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-065.shtml"
},
{
"name": "lotus-nrpc-bo(11526)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11526"
},
{
"name": "20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rapid7.com/advisories/R7-0010.html"
},
{
"name": "VU#433489",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/433489"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=482\u0026q=Domino\u0026uid=swg21105101"
},
{
"name": "7037",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7037"
},
{
"name": "20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104757319829443\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2003-11",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-11.html"
},
{
"name": "N-065",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-065.shtml"
},
{
"name": "lotus-nrpc-bo(11526)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11526"
},
{
"name": "20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html"
},
{
"name": "http://www.rapid7.com/advisories/R7-0010.html",
"refsource": "MISC",
"url": "http://www.rapid7.com/advisories/R7-0010.html"
},
{
"name": "VU#433489",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/433489"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=482\u0026q=Domino\u0026uid=swg21105101",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=482\u0026q=Domino\u0026uid=swg21105101"
},
{
"name": "7037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7037"
},
{
"name": "20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104757319829443\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0122",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-03-10T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0920
Vulnerability from cvelistv5
Published
2011-02-08 21:00
Modified
2024-09-17 00:02
Severity ?
EPSS score ?
Summary
The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21461514 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-08T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0920",
"datePublished": "2011-02-08T21:00:00Z",
"dateReserved": "2011-02-08T00:00:00Z",
"dateUpdated": "2024-09-17T00:02:28.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-7285
Vulnerability from cvelistv5
Published
2011-03-22 17:00
Modified
2024-09-17 03:48
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, aka SPR JFLD7GZT25.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg27013341 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:36.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, aka SPR JFLD7GZT25."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-22T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, aka SPR JFLD7GZT25."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7285",
"datePublished": "2011-03-22T17:00:00Z",
"dateReserved": "2011-03-22T00:00:00Z",
"dateUpdated": "2024-09-17T03:48:42.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4068
Vulnerability from cvelistv5
Published
2013-09-20 15:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka SPR PTHN9ADPA8.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21650034 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86599 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21649476 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21650146 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650034"
},
{
"name": "ibm-inotes-cve20134068-bo(86599)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86599"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21649476"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka SPR PTHN9ADPA8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650034"
},
{
"name": "ibm-inotes-cve20134068-bo(86599)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86599"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21649476"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650146"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka SPR PTHN9ADPA8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21650034",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650034"
},
{
"name": "ibm-inotes-cve20134068-bo(86599)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86599"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21649476",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21649476"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21650146",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650146"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4068",
"datePublished": "2013-09-20T15:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3087
Vulnerability from cvelistv5
Published
2009-09-08 18:00
Modified
2024-09-17 00:25
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/36556 | third-party-advisory, x_refsource_SECUNIA | |
| http://intevydis.com/vd-list.shtml | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:55.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36556"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://intevydis.com/vd-list.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-09-08T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36556"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://intevydis.com/vd-list.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36556"
},
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3087",
"datePublished": "2009-09-08T18:00:00Z",
"dateReserved": "2009-09-08T00:00:00Z",
"dateUpdated": "2024-09-17T00:25:28.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3407
Vulnerability from cvelistv5
Published
2010-09-16 20:00
Modified
2024-08-07 03:11
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:11:43.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lotus-domino-icalendar-bo(61790)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61790"
},
{
"name": "ADV-2010-2381",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2381"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-177/"
},
{
"name": "43219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43219"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument"
},
{
"name": "41433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41433"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21446515"
},
{
"name": "1024448",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024448"
},
{
"name": "15005",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15005"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/"
},
{
"name": "20100914 ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513706/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "lotus-domino-icalendar-bo(61790)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61790"
},
{
"name": "ADV-2010-2381",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2381"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-177/"
},
{
"name": "43219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43219"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument"
},
{
"name": "41433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41433"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21446515"
},
{
"name": "1024448",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024448"
},
{
"name": "15005",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15005"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/"
},
{
"name": "20100914 ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513706/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lotus-domino-icalendar-bo(61790)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61790"
},
{
"name": "ADV-2010-2381",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2381"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument",
"refsource": "MISC",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-177/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-177/"
},
{
"name": "43219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43219"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument",
"refsource": "MISC",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument"
},
{
"name": "41433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41433"
},
{
"name": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf",
"refsource": "MISC",
"url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument",
"refsource": "MISC",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21446515",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21446515"
},
{
"name": "1024448",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024448"
},
{
"name": "15005",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15005"
},
{
"name": "http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/",
"refsource": "CONFIRM",
"url": "http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/"
},
{
"name": "20100914 ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513706/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3407",
"datePublished": "2010-09-16T20:00:00",
"dateReserved": "2010-09-16T00:00:00",
"dateUpdated": "2024-08-07T03:11:43.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0921
Vulnerability from cvelistv5
Published
2010-03-03 19:00
Modified
2024-08-07 01:06
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2010/0496 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/38459 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27018109 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56556 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-0496",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38459"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"name": "inotes-getfilter-csrf(56556)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56556"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of \"XSS/CSRF Get Filter and Referer Check fixes.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2010-0496",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38459"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"name": "inotes-getfilter-csrf(56556)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56556"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of \"XSS/CSRF Get Filter and Referer Check fixes.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0496",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"name": "inotes-getfilter-csrf(56556)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56556"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0921",
"datePublished": "2010-03-03T19:00:00",
"dateReserved": "2010-03-03T00:00:00",
"dateUpdated": "2024-08-07T01:06:52.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0822
Vulnerability from cvelistv5
Published
2014-02-06 23:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/102912 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/56791 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90235 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21663023 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102912",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102912"
},
{
"name": "56791",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56791"
},
{
"name": "ibm-domino-cve20140822-dos(90235)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90235"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-02T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "102912",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102912"
},
{
"name": "56791",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56791"
},
{
"name": "ibm-domino-cve20140822-dos(90235)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90235"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102912",
"refsource": "OSVDB",
"url": "http://osvdb.org/102912"
},
{
"name": "56791",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56791"
},
{
"name": "ibm-domino-cve20140822-dos(90235)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90235"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21663023",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0822",
"datePublished": "2014-02-06T23:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-7284
Vulnerability from cvelistv5
Published
2011-03-22 17:00
Modified
2024-09-17 00:01
Severity ?
EPSS score ?
Summary
IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg27013341 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:36.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-22T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7284",
"datePublished": "2011-03-22T17:00:00Z",
"dateReserved": "2011-03-22T00:00:00Z",
"dateUpdated": "2024-09-17T00:01:38.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0591
Vulnerability from cvelistv5
Published
2013-08-27 01:00
Modified
2024-08-06 14:33
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0590.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21647740 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83381 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"name": "inotes-cve20130591-xss(83381)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83381"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0590."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"name": "inotes-cve20130591-xss(83381)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83381"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0590."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"name": "inotes-cve20130591-xss(83381)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83381"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0591",
"datePublished": "2013-08-27T01:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:33:05.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-5058
Vulnerability from cvelistv5
Published
2011-03-22 17:00
Modified
2024-09-16 22:15
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is accessed through a connector, aka SPR RELS7LARKR.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg27013341 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is accessed through a connector, aka SPR RELS7LARKR."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-22T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is accessed through a connector, aka SPR RELS7LARKR."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5058",
"datePublished": "2011-03-22T17:00:00Z",
"dateReserved": "2011-03-22T00:00:00Z",
"dateUpdated": "2024-09-16T22:15:44.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1675
Vulnerability from cvelistv5
Published
2007-03-28 21:00
Modified
2024-08-07 13:06
Severity ?
EPSS score ?
Summary
Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/23173 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/23172 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/24633 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33276 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1017823 | vdb-entry, x_refsource_SECTRACK | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-011.html | x_refsource_MISC | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21257028 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/1133 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:25.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23173"
},
{
"name": "23172",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23172"
},
{
"name": "24633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24633"
},
{
"name": "domino-imap-crammd5-bo(33276)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33276"
},
{
"name": "1017823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017823"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-011.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257028"
},
{
"name": "ADV-2007-1133",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23173"
},
{
"name": "23172",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23172"
},
{
"name": "24633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24633"
},
{
"name": "domino-imap-crammd5-bo(33276)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33276"
},
{
"name": "1017823",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017823"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-011.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257028"
},
{
"name": "ADV-2007-1133",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1133"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23173"
},
{
"name": "23172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23172"
},
{
"name": "24633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24633"
},
{
"name": "domino-imap-crammd5-bo(33276)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33276"
},
{
"name": "1017823",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017823"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-011.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-011.html"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21257028",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257028"
},
{
"name": "ADV-2007-1133",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1133"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1675",
"datePublished": "2007-03-28T21:00:00",
"dateReserved": "2007-03-24T00:00:00",
"dateUpdated": "2024-08-07T13:06:25.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4844
Vulnerability from cvelistv5
Published
2013-02-27 21:00
Modified
2024-08-06 20:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79233 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21614077 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:16.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lotus-domino-names-xss(79233)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79233"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614077"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "lotus-domino-names-xss(79233)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79233"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614077"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-4844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lotus-domino-names-xss(79233)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79233"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21614077",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614077"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-4844",
"datePublished": "2013-02-27T21:00:00",
"dateReserved": "2012-09-06T00:00:00",
"dateUpdated": "2024-08-06T20:50:16.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5389
Vulnerability from cvelistv5
Published
2013-10-22 22:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/87125 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21653149 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "inotes-cve20135389-xss(87125)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87125"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653149"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "inotes-cve20135389-xss(87125)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87125"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653149"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inotes-cve20135389-xss(87125)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87125"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21653149",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653149"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5389",
"datePublished": "2013-10-22T22:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0913
Vulnerability from cvelistv5
Published
2014-05-09 01:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1030215 | vdb-entry, x_refsource_SECTRACK | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21671981 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91880 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030215"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671981"
},
{
"name": "ibm-inotes-cve20140913-xss(91880)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91880"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1030215",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030215"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671981"
},
{
"name": "ibm-inotes-cve20140913-xss(91880)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91880"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030215"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21671981",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671981"
},
{
"name": "ibm-inotes-cve20140913-xss(91880)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91880"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0913",
"datePublished": "2014-05-09T01:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0276
Vulnerability from cvelistv5
Published
2010-01-09 18:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/38026 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/55473 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2010/0077 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/37675 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27017776 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38026"
},
{
"name": "domino-trylotus-unspecified(55473)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55473"
},
{
"name": "ADV-2010-0077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "37675",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37675"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the \"Try Lotus iNotes anyway\" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38026"
},
{
"name": "domino-trylotus-unspecified(55473)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55473"
},
{
"name": "ADV-2010-0077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "37675",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37675"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the \"Try Lotus iNotes anyway\" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38026"
},
{
"name": "domino-trylotus-unspecified(55473)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55473"
},
{
"name": "ADV-2010-0077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "37675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37675"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0276",
"datePublished": "2010-01-09T18:00:00",
"dateReserved": "2010-01-09T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5701
Vulnerability from cvelistv5
Published
2007-10-29 21:00
Modified
2024-08-07 15:39
Severity ?
EPSS score ?
Summary
Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-1.ibm.com/support/docview.wss?uid=swg21261095 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37372 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2007/3598 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/40952 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/26176 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/27321 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21261095"
},
{
"name": "domino-ca-password-disclosure(37372)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37372"
},
{
"name": "ADV-2007-3598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"name": "40952",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40952"
},
{
"name": "26176",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26176"
},
{
"name": "27321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a \"ca activate\" or \"ca unlock\" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21261095"
},
{
"name": "domino-ca-password-disclosure(37372)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37372"
},
{
"name": "ADV-2007-3598",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"name": "40952",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40952"
},
{
"name": "26176",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26176"
},
{
"name": "27321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27321"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a \"ca activate\" or \"ca unlock\" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21261095",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21261095"
},
{
"name": "domino-ca-password-disclosure(37372)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37372"
},
{
"name": "ADV-2007-3598",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"name": "40952",
"refsource": "OSVDB",
"url": "http://osvdb.org/40952"
},
{
"name": "26176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26176"
},
{
"name": "27321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27321"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5701",
"datePublished": "2007-10-29T21:00:00",
"dateReserved": "2007-10-29T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1286
Vulnerability from cvelistv5
Published
2009-04-13 16:00
Modified
2024-09-16 20:52
Severity ?
EPSS score ?
Summary
The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2009/0986 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/34441 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21381566 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21379894 | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1022024 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/34657 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21379915 | x_refsource_CONFIRM | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21381562 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-0986",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0986"
},
{
"name": "34441",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381566"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21379894"
},
{
"name": "1022024",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022024"
},
{
"name": "34657",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34657"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21379915"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381562"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-13T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-0986",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0986"
},
{
"name": "34441",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381566"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21379894"
},
{
"name": "1022024",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022024"
},
{
"name": "34657",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34657"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21379915"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381562"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0986",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0986"
},
{
"name": "34441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34441"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21381566",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381566"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21379894",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21379894"
},
{
"name": "1022024",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022024"
},
{
"name": "34657",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34657"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21379915",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21379915"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21381562",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381562"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1286",
"datePublished": "2009-04-13T16:00:00Z",
"dateReserved": "2009-04-13T00:00:00Z",
"dateUpdated": "2024-09-16T20:52:50.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-5059
Vulnerability from cvelistv5
Published
2011-03-22 17:00
Modified
2024-09-17 04:04
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg27013341 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-22T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5059",
"datePublished": "2011-03-22T17:00:00Z",
"dateReserved": "2011-03-22T00:00:00Z",
"dateUpdated": "2024-09-17T04:04:10.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0913
Vulnerability from cvelistv5
Published
2011-02-08 21:00
Modified
2024-08-06 22:05
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/43208 | third-party-advisory, x_refsource_SECUNIA | |
| http://zerodayinitiative.com/advisories/ZDI-11-053/ | x_refsource_MISC | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21461514 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43208",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43208"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-053/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-23T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43208",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43208"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-053/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43208",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43208"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-053/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-053/"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0913",
"datePublished": "2011-02-08T21:00:00",
"dateReserved": "2011-02-08T00:00:00",
"dateUpdated": "2024-08-06T22:05:54.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0917
Vulnerability from cvelistv5
Published
2011-02-08 21:00
Modified
2024-08-06 22:05
Severity ?
EPSS score ?
Summary
Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX.
References
| ▼ | URL | Tags |
|---|---|---|
| http://zerodayinitiative.com/advisories/ZDI-11-047/ | x_refsource_MISC | |
| http://secunia.com/advisories/43224 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21461514 | x_refsource_MISC | |
| http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=23&Itemid=23 | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/16190/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-047/"
},
{
"name": "43224",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43224"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=23\u0026Itemid=23"
},
{
"name": "16190",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/16190/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-23T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-047/"
},
{
"name": "43224",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43224"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=23\u0026Itemid=23"
},
{
"name": "16190",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/16190/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-047/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-047/"
},
{
"name": "43224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43224"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514",
"refsource": "MISC",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"name": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=23\u0026Itemid=23",
"refsource": "MISC",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=23\u0026Itemid=23"
},
{
"name": "16190",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/16190/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0917",
"datePublished": "2011-02-08T21:00:00",
"dateReserved": "2011-02-08T00:00:00",
"dateUpdated": "2024-08-06T22:05:54.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-5388
Vulnerability from cvelistv5
Published
2013-10-22 22:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21653149 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/87123 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653149"
},
{
"name": "inotes-cve20135388-xss(87123)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653149"
},
{
"name": "inotes-cve20135388-xss(87123)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-5388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21653149",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653149"
},
{
"name": "inotes-cve20135388-xss(87123)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-5388",
"datePublished": "2013-10-22T22:00:00",
"dateReserved": "2013-08-22T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4065
Vulnerability from cvelistv5
Published
2013-12-21 11:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86596 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21659959 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-inotes-cve20134065-xss(86596)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86596"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-inotes-cve20134065-xss(86596)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86596"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-inotes-cve20134065-xss(86596)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86596"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4065",
"datePublished": "2013-12-21T11:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1519
Vulnerability from cvelistv5
Published
2011-03-25 19:00
Modified
2024-08-06 22:28
Severity ?
EPSS score ?
Summary
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-11-110 | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2011/0758 | vdb-entry, x_refsource_VUPEN | |
| http://securitytracker.com/id?1025241 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/517119/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/43860 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/46985 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/8164 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-110"
},
{
"name": "ADV-2011-0758",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0758"
},
{
"name": "1025241",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025241"
},
{
"name": "20110322 ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517119/100/0/threaded"
},
{
"name": "43860",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43860"
},
{
"name": "46985",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46985"
},
{
"name": "8164",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8164"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-110"
},
{
"name": "ADV-2011-0758",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0758"
},
{
"name": "1025241",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025241"
},
{
"name": "20110322 ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517119/100/0/threaded"
},
{
"name": "43860",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43860"
},
{
"name": "46985",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46985"
},
{
"name": "8164",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8164"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-110",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-110"
},
{
"name": "ADV-2011-0758",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0758"
},
{
"name": "1025241",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025241"
},
{
"name": "20110322 ZDI-11-110: (0day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517119/100/0/threaded"
},
{
"name": "43860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43860"
},
{
"name": "46985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46985"
},
{
"name": "8164",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8164"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1519",
"datePublished": "2011-03-25T19:00:00",
"dateReserved": "2011-03-25T00:00:00",
"dateUpdated": "2024-08-06T22:28:41.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0120
Vulnerability from cvelistv5
Published
2006-01-09 11:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the "Delete Attachment" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name": "lotus-outofoffice-dos(24212)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24212"
},
{
"name": "lotus-bmp-dos(24214)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24214"
},
{
"name": "16158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"name": "lotus-compact-dos(24213)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24213"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument"
},
{
"name": "lotus-delete-attachment-dos(24215)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24215"
},
{
"name": "lotus-certificate-parsing-dos(24216)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24216"
},
{
"name": "lotus-ssl-keyring-dos(24217)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24217"
},
{
"name": "18328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18328"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/258394eaa824f2c08525708a004209d3?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument"
},
{
"name": "ADV-2006-0081",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an \"Out Of Office\" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the \"Delete Attachment\" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name": "lotus-outofoffice-dos(24212)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24212"
},
{
"name": "lotus-bmp-dos(24214)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24214"
},
{
"name": "16158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"name": "lotus-compact-dos(24213)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24213"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument"
},
{
"name": "lotus-delete-attachment-dos(24215)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24215"
},
{
"name": "lotus-certificate-parsing-dos(24216)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24216"
},
{
"name": "lotus-ssl-keyring-dos(24217)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24217"
},
{
"name": "18328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18328"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/258394eaa824f2c08525708a004209d3?OpenDocument"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument"
},
{
"name": "ADV-2006-0081",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an \"Out Of Office\" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the \"Delete Attachment\" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name": "lotus-outofoffice-dos(24212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24212"
},
{
"name": "lotus-bmp-dos(24214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24214"
},
{
"name": "16158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16158"
},
{
"name": "lotus-compact-dos(24213)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24213"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument"
},
{
"name": "lotus-delete-attachment-dos(24215)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24215"
},
{
"name": "lotus-certificate-parsing-dos(24216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24216"
},
{
"name": "lotus-ssl-keyring-dos(24217)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24217"
},
{
"name": "18328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18328"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/258394eaa824f2c08525708a004209d3?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/258394eaa824f2c08525708a004209d3?OpenDocument"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument"
},
{
"name": "ADV-2006-0081",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0120",
"datePublished": "2006-01-09T11:00:00",
"dateReserved": "2006-01-09T00:00:00",
"dateUpdated": "2024-08-07T16:25:33.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1393
Vulnerability from cvelistv5
Published
2011-12-27 11:00
Modified
2024-08-06 22:21
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Notes RPC packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71805 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/47331 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ibm.com/support/docview.wss?uid=swg21575247 | x_refsource_CONFIRM | |
| http://www.osvdb.org/77990 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lotus-domino-server-rpc-dos(71805)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71805"
},
{
"name": "47331",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47331"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21575247"
},
{
"name": "77990",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/77990"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Notes RPC packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "lotus-domino-server-rpc-dos(71805)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71805"
},
{
"name": "47331",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47331"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21575247"
},
{
"name": "77990",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/77990"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Notes RPC packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lotus-domino-server-rpc-dos(71805)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71805"
},
{
"name": "47331",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47331"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21575247",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21575247"
},
{
"name": "77990",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77990"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1393",
"datePublished": "2011-12-27T11:00:00",
"dateReserved": "2011-03-10T00:00:00",
"dateUpdated": "2024-08-06T22:21:34.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0668
Vulnerability from cvelistv5
Published
2004-07-13 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=108871093704307&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16596 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/10641 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:27.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040630 DoS against Domino 6.5.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108871093704307\u0026w=2"
},
{
"name": "lotus-domino-web-dos(16596)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16596"
},
{
"name": "10641",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10641"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040630 DoS against Domino 6.5.1",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108871093704307\u0026w=2"
},
{
"name": "lotus-domino-web-dos(16596)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16596"
},
{
"name": "10641",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10641"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040630 DoS against Domino 6.5.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108871093704307\u0026w=2"
},
{
"name": "lotus-domino-web-dos(16596)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16596"
},
{
"name": "10641",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10641"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0668",
"datePublished": "2004-07-13T04:00:00",
"dateReserved": "2004-07-12T00:00:00",
"dateUpdated": "2024-08-08T00:24:27.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0486
Vulnerability from cvelistv5
Published
2013-03-27 10:00
Modified
2024-08-06 14:25
Severity ?
EPSS score ?
Summary
Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81812 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21627597 | x_refsource_CONFIRM | |
| http://jvn.jp/en/jp/JVN51305555/index.html | third-party-advisory, x_refsource_JVN | |
| http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000030.html | third-party-advisory, x_refsource_JVNDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:10.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "domino-get-dos(81812)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81812"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
},
{
"name": "JVN#51305555",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN51305555/index.html"
},
{
"name": "JVNDB-2013-000030",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "domino-get-dos(81812)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81812"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
},
{
"name": "JVN#51305555",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN51305555/index.html"
},
{
"name": "JVNDB-2013-000030",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000030.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "domino-get-dos(81812)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81812"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
},
{
"name": "JVN#51305555",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51305555/index.html"
},
{
"name": "JVNDB-2013-000030",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000030.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0486",
"datePublished": "2013-03-27T10:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:25:10.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3301
Vulnerability from cvelistv5
Published
2012-08-21 10:00
Modified
2024-08-06 19:57
Severity ?
EPSS score ?
Summary
Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21608160 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77400 | vdb-entry, x_refsource_XF | |
| http://websecurity.com.ua/5839/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:57:50.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160"
},
{
"name": "lotus-domino-response-splitting(77400)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77400"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://websecurity.com.ua/5839/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160"
},
{
"name": "lotus-domino-response-splitting(77400)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77400"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://websecurity.com.ua/5839/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-3301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160"
},
{
"name": "lotus-domino-response-splitting(77400)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77400"
},
{
"name": "http://websecurity.com.ua/5839/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/5839/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-3301",
"datePublished": "2012-08-21T10:00:00",
"dateReserved": "2012-06-07T00:00:00",
"dateUpdated": "2024-08-06T19:57:50.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0916
Vulnerability from cvelistv5
Published
2011-02-08 21:00
Modified
2024-08-06 22:05
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, aka SPR KLYH889M8H.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/43247 | third-party-advisory, x_refsource_SECUNIA | |
| http://zerodayinitiative.com/advisories/ZDI-11-049/ | x_refsource_MISC | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21461514 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43247",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43247"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-049/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, aka SPR KLYH889M8H."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-02-23T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43247",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43247"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-049/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, aka SPR KLYH889M8H."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43247",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43247"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-049/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-049/"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0916",
"datePublished": "2011-02-08T21:00:00",
"dateReserved": "2011-02-08T00:00:00",
"dateUpdated": "2024-08-06T22:05:54.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1567
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101285903120879&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=bugtraq&m=101284222932568&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/8072.php | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=101286525008089&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/4022 | vdb-entry, x_refsource_BID | |
| http://www.nextgenss.com/papers/hpldws.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020204 Re: Lotus Domino password bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101285903120879\u0026w=2"
},
{
"name": "20020203 Lotus Domino password bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101284222932568\u0026w=2"
},
{
"name": "lotus-domino-auth-bypass(8072)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8072.php"
},
{
"name": "20020204 Lotus Domino password bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101286525008089\u0026w=2"
},
{
"name": "4022",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4022"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/papers/hpldws.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of \"+\" characters before the .nsf file extension, which are converted to spaces by Domino."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020204 Re: Lotus Domino password bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101285903120879\u0026w=2"
},
{
"name": "20020203 Lotus Domino password bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101284222932568\u0026w=2"
},
{
"name": "lotus-domino-auth-bypass(8072)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8072.php"
},
{
"name": "20020204 Lotus Domino password bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101286525008089\u0026w=2"
},
{
"name": "4022",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4022"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/papers/hpldws.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of \"+\" characters before the .nsf file extension, which are converted to spaces by Domino."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020204 Re: Lotus Domino password bypass",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101285903120879\u0026w=2"
},
{
"name": "20020203 Lotus Domino password bypass",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101284222932568\u0026w=2"
},
{
"name": "lotus-domino-auth-bypass(8072)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8072.php"
},
{
"name": "20020204 Lotus Domino password bypass",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101286525008089\u0026w=2"
},
{
"name": "4022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4022"
},
{
"name": "http://www.nextgenss.com/papers/hpldws.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpldws.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1567",
"datePublished": "2005-07-14T04:00:00",
"dateReserved": "2005-07-14T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0920
Vulnerability from cvelistv5
Published
2010-03-03 19:00
Modified
2024-09-16 22:56
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2010/0496 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/38459 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27018109 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-0496",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38459"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of \"XSS/CSRF Get Filter and Referer Check fixes.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-03T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2010-0496",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38459"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of \"XSS/CSRF Get Filter and Referer Check fixes.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0496",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"name": "38459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0920",
"datePublished": "2010-03-03T19:00:00Z",
"dateReserved": "2010-03-03T00:00:00Z",
"dateUpdated": "2024-09-16T22:56:05.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5818
Vulnerability from cvelistv5
Published
2006-11-08 23:00
Modified
2024-08-07 20:04
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30151 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/22724 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1017198 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/20967 | vdb-entry, x_refsource_BID | |
| http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21249173 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2006/4411 | vdb-entry, x_refsource_VUPEN | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=440 | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lotusdomino-tunekrnl-bo(30151)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30151"
},
{
"name": "22724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22724"
},
{
"name": "1017198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017198"
},
{
"name": "20967",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20967"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=475\u0026uid=swg21249173"
},
{
"name": "ADV-2006-4411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4411"
},
{
"name": "20061108 IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "lotusdomino-tunekrnl-bo(30151)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30151"
},
{
"name": "22724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22724"
},
{
"name": "1017198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017198"
},
{
"name": "20967",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20967"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=475\u0026uid=swg21249173"
},
{
"name": "ADV-2006-4411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4411"
},
{
"name": "20061108 IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=440"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lotusdomino-tunekrnl-bo(30151)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30151"
},
{
"name": "22724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22724"
},
{
"name": "1017198",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017198"
},
{
"name": "20967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20967"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=475\u0026uid=swg21249173",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=475\u0026uid=swg21249173"
},
{
"name": "ADV-2006-4411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4411"
},
{
"name": "20061108 IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=440"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5818",
"datePublished": "2006-11-08T23:00:00",
"dateReserved": "2006-11-08T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0275
Vulnerability from cvelistv5
Published
2010-01-09 18:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/38026 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2010/0077 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/55471 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/37675 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27017776 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38026"
},
{
"name": "ADV-2010-0077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "domino-script-command-unspecified(55471)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55471"
},
{
"name": "37675",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37675"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38026"
},
{
"name": "ADV-2010-0077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "domino-script-command-unspecified(55471)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55471"
},
{
"name": "37675",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37675"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38026"
},
{
"name": "ADV-2010-0077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "domino-script-command-unspecified(55471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55471"
},
{
"name": "37675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37675"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0275",
"datePublished": "2010-01-09T18:00:00",
"dateReserved": "2010-01-09T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4820
Vulnerability from cvelistv5
Published
2013-01-11 00:00
Modified
2024-08-06 20:50
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:17.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:1466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"name": "20120911 [SE-2012-01] Security vulnerabilities in IBM Java",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55495",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"name": "51327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"name": "ibm-java-invoke-code-execution(78764)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78764"
},
{
"name": "RHSA-2012:1467",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"name": "RHSA-2012:1465",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html"
},
{
"name": "51328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51328"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"name": "51634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51634"
},
{
"name": "IV29654",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"name": "RHSA-2013:1456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "51393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51393"
},
{
"name": "51326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to \"insecure use of the java.lang.reflect.Method invoke() method.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "RHSA-2012:1466",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"name": "20120911 [SE-2012-01] Security vulnerabilities in IBM Java",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55495",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"name": "51327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"name": "ibm-java-invoke-code-execution(78764)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78764"
},
{
"name": "RHSA-2012:1467",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"name": "RHSA-2012:1465",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html"
},
{
"name": "51328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51328"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"name": "51634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51634"
},
{
"name": "IV29654",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"name": "RHSA-2013:1456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "51393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51393"
},
{
"name": "51326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-4820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to \"insecure use of the java.lang.reflect.Method invoke() method.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:1466",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"name": "20120911 [SE-2012-01] Security vulnerabilities in IBM Java",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55495"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"name": "51327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51327"
},
{
"name": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546",
"refsource": "CONFIRM",
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"name": "ibm-java-invoke-code-execution(78764)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78764"
},
{
"name": "RHSA-2012:1467",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"name": "RHSA-2012:1465",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html"
},
{
"name": "51328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51328"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"name": "51634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51634"
},
{
"name": "IV29654",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "51393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51393"
},
{
"name": "51326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-4820",
"datePublished": "2013-01-11T00:00:00",
"dateReserved": "2012-09-06T00:00:00",
"dateUpdated": "2024-08-06T20:50:17.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4050
Vulnerability from cvelistv5
Published
2013-11-08 02:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86433 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21652988 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "domino-webadmin-cve20134050-csrf(86433)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86433"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "domino-webadmin-cve20134050-csrf(86433)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86433"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "domino-webadmin-cve20134050-csrf(86433)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86433"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4050",
"datePublished": "2013-11-08T02:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0595
Vulnerability from cvelistv5
Published
2013-08-27 01:00
Modified
2024-08-06 14:33
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21647740 | x_refsource_CONFIRM | |
| https://www-01.ibm.com/support/docview.wss?uid=swg21671622 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83431 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
},
{
"name": "inotes-cve20130595-xss(83431)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-11T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
},
{
"name": "inotes-cve20130595-xss(83431)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
},
{
"name": "inotes-cve20130595-xss(83431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0595",
"datePublished": "2013-08-27T01:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:33:05.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0358
Vulnerability from cvelistv5
Published
2010-01-20 16:00
Modified
2024-09-16 22:30
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1023456 | vdb-entry, x_refsource_SECTRACK | |
| http://intevydis.blogspot.com/2010/01/lotus-domino-7-probably-8-ldap-heap.html | x_refsource_MISC | |
| http://intevydis.com/vd-list.shtml | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1023456",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023456"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://intevydis.blogspot.com/2010/01/lotus-domino-7-probably-8-ldap-heap.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://intevydis.com/vd-list.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-01-20T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1023456",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023456"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://intevydis.blogspot.com/2010/01/lotus-domino-7-probably-8-ldap-heap.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://intevydis.com/vd-list.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1023456",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023456"
},
{
"name": "http://intevydis.blogspot.com/2010/01/lotus-domino-7-probably-8-ldap-heap.html",
"refsource": "MISC",
"url": "http://intevydis.blogspot.com/2010/01/lotus-domino-7-probably-8-ldap-heap.html"
},
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0358",
"datePublished": "2010-01-20T16:00:00Z",
"dateReserved": "2010-01-20T00:00:00Z",
"dateUpdated": "2024-09-16T22:30:27.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1441
Vulnerability from cvelistv5
Published
2005-05-03 04:00
Modified
2024-08-07 21:51
Severity ?
EPSS score ?
Summary
Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC).
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20043 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/13446 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/14879 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202525 | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1013842 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/15366 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:49.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "lotus-nrpc-format-string(20043)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20043"
},
{
"name": "13446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13446"
},
{
"name": "14879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14879"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21202525"
},
{
"name": "1013842",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013842"
},
{
"name": "15366",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "lotus-nrpc-format-string(20043)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20043"
},
{
"name": "13446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13446"
},
{
"name": "14879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14879"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21202525"
},
{
"name": "1013842",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013842"
},
{
"name": "15366",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lotus-nrpc-format-string(20043)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20043"
},
{
"name": "13446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13446"
},
{
"name": "14879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14879"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21202525",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21202525"
},
{
"name": "1013842",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013842"
},
{
"name": "15366",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1441",
"datePublished": "2005-05-03T04:00:00",
"dateReserved": "2005-05-03T00:00:00",
"dateUpdated": "2024-08-07T21:51:49.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-2014
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-09-17 02:42
Severity ?
EPSS score ?
Summary
Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/3991 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/bugtraq/2002-01/0373.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0258.html | mailing-list, x_refsource_VULN-DEV | |
| http://www.iss.net/security_center/static/8038.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:51:16.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3991",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3991"
},
{
"name": "20020131 Script for find domino",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0373.html"
},
{
"name": "20020130 Enumerating users on a Domino webserver",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0258.html"
},
{
"name": "lotus-domino-username-disclosure(8038)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8038.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-14T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3991",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3991"
},
{
"name": "20020131 Script for find domino",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0373.html"
},
{
"name": "20020130 Enumerating users on a Domino webserver",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0258.html"
},
{
"name": "lotus-domino-username-disclosure(8038)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8038.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3991"
},
{
"name": "20020131 Script for find domino",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0373.html"
},
{
"name": "20020130 Enumerating users on a Domino webserver",
"refsource": "VULN-DEV",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0258.html"
},
{
"name": "lotus-domino-username-disclosure(8038)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8038.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2014",
"datePublished": "2005-07-14T04:00:00Z",
"dateReserved": "2005-07-14T00:00:00Z",
"dateUpdated": "2024-09-17T02:42:46.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4055
Vulnerability from cvelistv5
Published
2013-11-08 02:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86544 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21652988 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "domino-webadmin-cve20134055-xss(86544)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86544"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "domino-webadmin-cve20134055-xss(86544)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86544"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "domino-webadmin-cve20134055-xss(86544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86544"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4055",
"datePublished": "2013-11-08T02:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:49.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0119
Vulnerability from cvelistv5
Published
2006-01-09 11:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server. NOTE: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:32.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/d1150fc9c5dec8b18525709200001da6?OpenDocument\u0026Highlight=0%2CGPKS6C9J67"
},
{
"name": "16158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"name": "domino-smtp-nrouter-dos(27413)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27413"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/de2ab57a5b9547848525701b00420c2c?OpenDocument\u0026Highlight=0%2CKSPR699NBP"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/f97fe7cfd9a8113b8525709200001db4?OpenDocument\u0026Highlight=0%2CGPKS6C9J67"
},
{
"name": "18328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18328"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/94a77eb898843aca8525709200001de1?OpenDocument\u0026Highlight=0%2CJGAN6B6TZ3"
},
{
"name": "ADV-2006-2564",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2564"
},
{
"name": "lotus-multiple-unspecified(24207)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24207"
},
{
"name": "20855",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20855"
},
{
"name": "lotus-web-unspecified-xss(24211)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24211"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/e4deb1cbb011c747852570e4001ba9bb?OpenDocument\u0026Highlight=0%2CGPKS5YQGPT"
},
{
"name": "1016390",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016390"
},
{
"name": "18020",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18020"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/9a1650d1a771f3078525702a00420def?OpenDocument\u0026Highlight=0%2CHSAO6BNL6Y"
},
{
"name": "20060626 SYMSA-2006-006: Lotus Domino SMTP Based Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438461/100/0/threaded"
},
{
"name": "ADV-2006-0081",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to \"potential security issues\" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server. NOTE: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/d1150fc9c5dec8b18525709200001da6?OpenDocument\u0026Highlight=0%2CGPKS6C9J67"
},
{
"name": "16158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"name": "domino-smtp-nrouter-dos(27413)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27413"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/de2ab57a5b9547848525701b00420c2c?OpenDocument\u0026Highlight=0%2CKSPR699NBP"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/f97fe7cfd9a8113b8525709200001db4?OpenDocument\u0026Highlight=0%2CGPKS6C9J67"
},
{
"name": "18328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18328"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/94a77eb898843aca8525709200001de1?OpenDocument\u0026Highlight=0%2CJGAN6B6TZ3"
},
{
"name": "ADV-2006-2564",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2564"
},
{
"name": "lotus-multiple-unspecified(24207)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24207"
},
{
"name": "20855",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20855"
},
{
"name": "lotus-web-unspecified-xss(24211)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24211"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/e4deb1cbb011c747852570e4001ba9bb?OpenDocument\u0026Highlight=0%2CGPKS5YQGPT"
},
{
"name": "1016390",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016390"
},
{
"name": "18020",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18020"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/9a1650d1a771f3078525702a00420def?OpenDocument\u0026Highlight=0%2CHSAO6BNL6Y"
},
{
"name": "20060626 SYMSA-2006-006: Lotus Domino SMTP Based Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438461/100/0/threaded"
},
{
"name": "ADV-2006-0081",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to \"potential security issues\" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server. NOTE: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/d1150fc9c5dec8b18525709200001da6?OpenDocument\u0026Highlight=0,GPKS6C9J67",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/d1150fc9c5dec8b18525709200001da6?OpenDocument\u0026Highlight=0,GPKS6C9J67"
},
{
"name": "16158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16158"
},
{
"name": "domino-smtp-nrouter-dos(27413)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27413"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/de2ab57a5b9547848525701b00420c2c?OpenDocument\u0026Highlight=0,KSPR699NBP",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/de2ab57a5b9547848525701b00420c2c?OpenDocument\u0026Highlight=0,KSPR699NBP"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/f97fe7cfd9a8113b8525709200001db4?OpenDocument\u0026Highlight=0,GPKS6C9J67",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/f97fe7cfd9a8113b8525709200001db4?OpenDocument\u0026Highlight=0,GPKS6C9J67"
},
{
"name": "18328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18328"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/94a77eb898843aca8525709200001de1?OpenDocument\u0026Highlight=0,JGAN6B6TZ3",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/94a77eb898843aca8525709200001de1?OpenDocument\u0026Highlight=0,JGAN6B6TZ3"
},
{
"name": "ADV-2006-2564",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2564"
},
{
"name": "lotus-multiple-unspecified(24207)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24207"
},
{
"name": "20855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20855"
},
{
"name": "lotus-web-unspecified-xss(24211)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24211"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/e4deb1cbb011c747852570e4001ba9bb?OpenDocument\u0026Highlight=0,GPKS5YQGPT",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/e4deb1cbb011c747852570e4001ba9bb?OpenDocument\u0026Highlight=0,GPKS5YQGPT"
},
{
"name": "1016390",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016390"
},
{
"name": "18020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18020"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/9a1650d1a771f3078525702a00420def?OpenDocument\u0026Highlight=0,HSAO6BNL6Y",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/9a1650d1a771f3078525702a00420def?OpenDocument\u0026Highlight=0,HSAO6BNL6Y"
},
{
"name": "20060626 SYMSA-2006-006: Lotus Domino SMTP Based Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438461/100/0/threaded"
},
{
"name": "ADV-2006-0081",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0119",
"datePublished": "2006-01-09T11:00:00",
"dateReserved": "2006-01-09T00:00:00",
"dateUpdated": "2024-08-07T16:25:32.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4063
Vulnerability from cvelistv5
Published
2013-12-21 11:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21659959 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86594 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:50.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
},
{
"name": "ibm-inotes-cve20134063-xss(86594)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
},
{
"name": "ibm-inotes-cve20134063-xss(86594)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86594"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
},
{
"name": "ibm-inotes-cve20134063-xss(86594)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86594"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-4063",
"datePublished": "2013-12-21T11:00:00",
"dateReserved": "2013-06-07T00:00:00",
"dateUpdated": "2024-08-06T16:30:50.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3027
Vulnerability from cvelistv5
Published
2013-08-09 19:00
Modified
2024-08-06 16:00
Severity ?
EPSS score ?
Summary
Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21644599 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84381 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21645503 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:09.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"name": "inotes-cve20133027-overflow(84381)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84381"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"name": "inotes-cve20133027-overflow(84381)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84381"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-3027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"name": "inotes-cve20133027-overflow(84381)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84381"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-3027",
"datePublished": "2013-08-09T19:00:00",
"dateReserved": "2013-04-12T00:00:00",
"dateUpdated": "2024-08-06T16:00:09.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0118
Vulnerability from cvelistv5
Published
2006-01-09 11:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24206 | vdb-entry, x_refsource_XF | |
| http://www-1.ibm.com/support/docview.wss?uid=swg27007054 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/16158 | vdb-entry, x_refsource_BID | |
| http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument | x_refsource_CONFIRM | |
| http://secunia.com/advisories/18328 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/0081 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:33.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument"
},
{
"name": "lotus-long-formula-bo(24206)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24206"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name": "16158",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument"
},
{
"name": "18328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18328"
},
{
"name": "ADV-2006-0081",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument"
},
{
"name": "lotus-long-formula-bo(24206)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24206"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name": "16158",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument"
},
{
"name": "18328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18328"
},
{
"name": "ADV-2006-0081",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument"
},
{
"name": "lotus-long-formula-bo(24206)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24206"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"name": "16158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16158"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument"
},
{
"name": "18328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18328"
},
{
"name": "ADV-2006-0081",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0081"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0118",
"datePublished": "2006-01-09T11:00:00",
"dateReserved": "2006-01-09T00:00:00",
"dateUpdated": "2024-08-07T16:25:33.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2369
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/11143/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/9900 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15504 | vdb-entry, x_refsource_XF | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15503 | vdb-entry, x_refsource_XF | |
| http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11143/"
},
{
"name": "9900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9900"
},
{
"name": "lotus-webadmin-file-disclosure(15504)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15504"
},
{
"name": "lotus-dotdot-file-creation(15503)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15503"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11143/"
},
{
"name": "9900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9900"
},
{
"name": "lotus-webadmin-file-disclosure(15504)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15504"
},
{
"name": "lotus-dotdot-file-creation(15503)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15503"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11143/"
},
{
"name": "9900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9900"
},
{
"name": "lotus-webadmin-file-disclosure(15504)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15504"
},
{
"name": "lotus-dotdot-file-creation(15503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15503"
},
{
"name": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt",
"refsource": "MISC",
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2369",
"datePublished": "2005-08-16T04:00:00",
"dateReserved": "2005-08-16T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0274
Vulnerability from cvelistv5
Published
2010-01-09 18:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 has unknown impact and attack vectors, aka SPR LSHR7TBLY5.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/38026 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2010/0077 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/55470 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/37675 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg27017776 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38026"
},
{
"name": "ADV-2010-0077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "domino-ultralight-unspecified(55470)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55470"
},
{
"name": "37675",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37675"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 has unknown impact and attack vectors, aka SPR LSHR7TBLY5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38026"
},
{
"name": "ADV-2010-0077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "domino-ultralight-unspecified(55470)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55470"
},
{
"name": "37675",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37675"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 has unknown impact and attack vectors, aka SPR LSHR7TBLY5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38026"
},
{
"name": "ADV-2010-0077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"name": "domino-ultralight-unspecified(55470)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55470"
},
{
"name": "37675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37675"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0274",
"datePublished": "2010-01-09T18:00:00",
"dateReserved": "2010-01-09T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4821
Vulnerability from cvelistv5
Published
2013-01-11 00:00
Modified
2024-08-06 20:50
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:16.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"name": "ibm-java-gdm-sa-ce(78765)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78765"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"name": "20120911 [SE-2012-01] Security vulnerabilities in IBM Java",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"name": "IV29659",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659"
},
{
"name": "55495",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"name": "RHSA-2012:1467",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"name": "51634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51634"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"name": "51326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via \"insecure use\" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"name": "ibm-java-gdm-sa-ce(78765)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78765"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"name": "20120911 [SE-2012-01] Security vulnerabilities in IBM Java",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"name": "IV29659",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659"
},
{
"name": "55495",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"name": "RHSA-2012:1467",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"name": "51634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51634"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"name": "51326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-4821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via \"insecure use\" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"name": "ibm-java-gdm-sa-ce(78765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78765"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"name": "20120911 [SE-2012-01] Security vulnerabilities in IBM Java",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"name": "IV29659",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659"
},
{
"name": "55495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55495"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"name": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546",
"refsource": "CONFIRM",
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"name": "RHSA-2012:1467",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"name": "51634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51634"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"name": "51326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-4821",
"datePublished": "2013-01-11T00:00:00",
"dateReserved": "2012-09-06T00:00:00",
"dateUpdated": "2024-08-06T20:50:16.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2310
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/9901 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15502 | vdb-entry, x_refsource_XF | |
| http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt | x_refsource_MISC | |
| http://secunia.com/advisories/11143 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/4306 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9901"
},
{
"name": "lotus-domino-webadmin-xss(15502)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15502"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
},
{
"name": "11143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11143"
},
{
"name": "4306",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4306"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9901"
},
{
"name": "lotus-domino-webadmin-xss(15502)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15502"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
},
{
"name": "11143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11143"
},
{
"name": "4306",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4306"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9901"
},
{
"name": "lotus-domino-webadmin-xss(15502)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15502"
},
{
"name": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt",
"refsource": "MISC",
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
},
{
"name": "11143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11143"
},
{
"name": "4306",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4306"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2310",
"datePublished": "2005-08-16T04:00:00",
"dateReserved": "2005-08-16T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-5061
Vulnerability from cvelistv5
Published
2011-03-22 17:00
Modified
2024-09-17 03:02
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UPB9N.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg27013341 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UPB9N."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-22T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UPB9N."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5061",
"datePublished": "2011-03-22T17:00:00Z",
"dateReserved": "2011-03-22T00:00:00Z",
"dateUpdated": "2024-09-17T03:02:47.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0892
Vulnerability from cvelistv5
Published
2014-04-23 19:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/350089 | third-party-advisory, x_refsource_CERT-VN | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21670264 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/91286 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#350089",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/350089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670264"
},
{
"name": "ibm-notes-cve20140892-linux32-rce(91286)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91286"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "VU#350089",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/350089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670264"
},
{
"name": "ibm-notes-cve20140892-linux32-rce(91286)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91286"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-0892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#350089",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/350089"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21670264",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670264"
},
{
"name": "ibm-notes-cve20140892-linux32-rce(91286)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91286"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-0892",
"datePublished": "2014-04-23T19:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0590
Vulnerability from cvelistv5
Published
2013-08-27 01:00
Modified
2024-08-06 14:33
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0591.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21647740 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83814 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"name": "inotes-cve20130590-xss(83814)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0591."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"name": "inotes-cve20130590-xss(83814)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0591."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"name": "inotes-cve20130590-xss(83814)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2013-0590",
"datePublished": "2013-08-27T01:00:00",
"dateReserved": "2012-12-16T00:00:00",
"dateUpdated": "2024-08-06T14:33:05.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-0915
Vulnerability from cvelistv5
Published
2011-02-08 21:00
Modified
2024-08-06 22:05
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes calendar (aka iCalendar or iCal) meeting request, aka SPR KLYH87LL23.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/516245/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/43208 | third-party-advisory, x_refsource_SECUNIA | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21461514 | x_refsource_CONFIRM | |
| http://zerodayinitiative.com/advisories/ZDI-11-048/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110207 ZDI-11-048: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/516245/100/0/threaded"
},
{
"name": "43208",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43208"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-048/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes calendar (aka iCalendar or iCal) meeting request, aka SPR KLYH87LL23."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20110207 ZDI-11-048: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/516245/100/0/threaded"
},
{
"name": "43208",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43208"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-048/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes calendar (aka iCalendar or iCal) meeting request, aka SPR KLYH87LL23."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110207 ZDI-11-048: IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516245/100/0/threaded"
},
{
"name": "43208",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43208"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-048/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-048/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0915",
"datePublished": "2011-02-08T21:00:00",
"dateReserved": "2011-02-08T00:00:00",
"dateUpdated": "2024-08-06T22:05:54.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-1215
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-08 05:45
Severity ?
EPSS score ?
Summary
The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=100094373621813&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/984555 | third-party-advisory, x_refsource_CERT-VN | |
| http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/5552251934afaa9585256c0000737a7f?OpenDocument&Highlight=0%2CAWHN4A8QWM | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/10685 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010919 lotus domino server 5.08 is very gabby",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100094373621813\u0026w=2"
},
{
"name": "VU#984555",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/984555"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/5552251934afaa9585256c0000737a7f?OpenDocument\u0026Highlight=0%2CAWHN4A8QWM"
},
{
"name": "lotus-domino-information-disclosure(10685)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010919 lotus domino server 5.08 is very gabby",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100094373621813\u0026w=2"
},
{
"name": "VU#984555",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/984555"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/5552251934afaa9585256c0000737a7f?OpenDocument\u0026Highlight=0%2CAWHN4A8QWM"
},
{
"name": "lotus-domino-information-disclosure(10685)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10685"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010919 lotus domino server 5.08 is very gabby",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100094373621813\u0026w=2"
},
{
"name": "VU#984555",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/984555"
},
{
"name": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/5552251934afaa9585256c0000737a7f?OpenDocument\u0026Highlight=0,AWHN4A8QWM",
"refsource": "CONFIRM",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/5552251934afaa9585256c0000737a7f?OpenDocument\u0026Highlight=0,AWHN4A8QWM"
},
{
"name": "lotus-domino-information-disclosure(10685)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10685"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1215",
"datePublished": "2005-04-21T04:00:00",
"dateReserved": "2005-04-21T00:00:00",
"dateUpdated": "2024-08-08T05:45:37.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1624
Vulnerability from cvelistv5
Published
2005-03-26 05:00
Modified
2024-08-08 03:34
Severity ?
EPSS score ?
Summary
Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/6646 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11058 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/772563 | third-party-advisory, x_refsource_CERT-VN | |
| http://securitytracker.com/id?1004052 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:34:55.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6646",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6646"
},
{
"name": "lotus-domino-authentication-bo(11058)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11058"
},
{
"name": "VU#772563",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/772563"
},
{
"name": "1004052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1004052"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6646",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6646"
},
{
"name": "lotus-domino-authentication-bo(11058)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11058"
},
{
"name": "VU#772563",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/772563"
},
{
"name": "1004052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1004052"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6646"
},
{
"name": "lotus-domino-authentication-bo(11058)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11058"
},
{
"name": "VU#772563",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/772563"
},
{
"name": "1004052",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1004052"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1624",
"datePublished": "2005-03-26T05:00:00",
"dateReserved": "2005-03-26T00:00:00",
"dateUpdated": "2024-08-08T03:34:55.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-5062
Vulnerability from cvelistv5
Published
2011-03-22 17:00
Modified
2024-09-16 23:46
Severity ?
EPSS score ?
Summary
IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg27013341 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-03-22T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5062",
"datePublished": "2011-03-22T17:00:00Z",
"dateReserved": "2011-03-22T00:00:00Z",
"dateUpdated": "2024-09-16T23:46:01.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5924
Vulnerability from cvelistv5
Published
2007-11-10 02:00
Modified
2024-08-07 15:47
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/jp/JVN%2384565055/index.html | third-party-advisory, x_refsource_JVN | |
| http://osvdb.org/39720 | vdb-entry, x_refsource_OSVDB | |
| http://www-1.ibm.com/support/docview.wss?uid=swg27010980 | x_refsource_CONFIRM | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21263871 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/27509 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2007/3700 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#84565055",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2384565055/index.html"
},
{
"name": "39720",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39720"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27010980"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21263871"
},
{
"name": "27509",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27509"
},
{
"name": "ADV-2007-3700",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3700"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-09-24T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "JVN#84565055",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2384565055/index.html"
},
{
"name": "39720",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39720"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27010980"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21263871"
},
{
"name": "27509",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27509"
},
{
"name": "ADV-2007-3700",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3700"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#84565055",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2384565055/index.html"
},
{
"name": "39720",
"refsource": "OSVDB",
"url": "http://osvdb.org/39720"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg27010980",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27010980"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21263871",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21263871"
},
{
"name": "27509",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27509"
},
{
"name": "ADV-2007-3700",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3700"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5924",
"datePublished": "2007-11-10T02:00:00",
"dateReserved": "2007-11-09T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4843
Vulnerability from cvelistv5
Published
2007-03-29 21:00
Modified
2024-08-07 19:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33280 | vdb-entry, x_refsource_XF | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=493 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securitytracker.com/id?1017824 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/23173 | vdb-entry, x_refsource_BID | |
| http://www-1.ibm.com/support/docview.wss?uid=swg21257026 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/24633 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2007/1133 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "domino-webaccess-contentfilter-xss(33280)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33280"
},
{
"name": "20070328 IBM Lotus Domino Web Access Cross Site Scripting Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=493"
},
{
"name": "1017824",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017824"
},
{
"name": "23173",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23173"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257026"
},
{
"name": "24633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24633"
},
{
"name": "ADV-2007-1133",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1133"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified \"code sequences\" that bypass the protection scheme."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "domino-webaccess-contentfilter-xss(33280)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33280"
},
{
"name": "20070328 IBM Lotus Domino Web Access Cross Site Scripting Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=493"
},
{
"name": "1017824",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017824"
},
{
"name": "23173",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23173"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257026"
},
{
"name": "24633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24633"
},
{
"name": "ADV-2007-1133",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1133"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified \"code sequences\" that bypass the protection scheme."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "domino-webaccess-contentfilter-xss(33280)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33280"
},
{
"name": "20070328 IBM Lotus Domino Web Access Cross Site Scripting Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=493"
},
{
"name": "1017824",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017824"
},
{
"name": "23173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23173"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21257026",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257026"
},
{
"name": "24633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24633"
},
{
"name": "ADV-2007-1133",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1133"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4843",
"datePublished": "2007-03-29T21:00:00",
"dateReserved": "2006-09-15T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2311
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/9900 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15504 | vdb-entry, x_refsource_XF | |
| http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt | x_refsource_MISC | |
| http://secunia.com/advisories/11143 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9900"
},
{
"name": "lotus-webadmin-file-disclosure(15504)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15504"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
},
{
"name": "11143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11143"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9900"
},
{
"name": "lotus-webadmin-file-disclosure(15504)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15504"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
},
{
"name": "11143",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11143"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9900"
},
{
"name": "lotus-webadmin-file-disclosure(15504)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15504"
},
{
"name": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt",
"refsource": "MISC",
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
},
{
"name": "11143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11143"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2311",
"datePublished": "2005-08-16T04:00:00",
"dateReserved": "2005-08-16T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console."
}
],
"id": "CVE-2004-2310",
"lastModified": "2024-11-20T23:53:01.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11143"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4306"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/9901"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/9901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15502"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-03-18 05:00
Modified
2024-11-20 23:44
Severity ?
Summary
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 4.6.1 | |
| ibm | lotus_domino | 4.6.3 | |
| ibm | lotus_domino | 4.6.4 | |
| ibm | lotus_domino | 5.0 | |
| ibm | lotus_domino | 5.0.1 | |
| ibm | lotus_domino | 5.0.2 | |
| ibm | lotus_domino | 5.0.3 | |
| ibm | lotus_domino | 5.0.4 | |
| ibm | lotus_domino | 5.0.4a | |
| ibm | lotus_domino | 5.0.5 | |
| ibm | lotus_domino | 5.0.6 | |
| ibm | lotus_domino | 5.0.6a | |
| ibm | lotus_domino | 5.0.7 | |
| ibm | lotus_domino | 5.0.7a | |
| ibm | lotus_domino | 5.0.8 | |
| ibm | lotus_domino | 5.0.8a | |
| ibm | lotus_domino | 5.0.9 | |
| ibm | lotus_domino | 5.0.9a | |
| ibm | lotus_domino | 5.0.10 | |
| ibm | lotus_domino | 5.0.11 | |
| ibm | lotus_notes_client | 5.0 | |
| ibm | lotus_notes_client | 5.0.1 | |
| ibm | lotus_notes_client | 5.0.2 | |
| ibm | lotus_notes_client | 5.0.3 | |
| ibm | lotus_notes_client | 5.0.4 | |
| ibm | lotus_notes_client | 5.0.5 | |
| ibm | lotus_notes_client | 5.0.9a | |
| ibm | lotus_notes_client | 5.0.10 | |
| ibm | lotus_notes_client | 5.0.11 | |
| ibm | lotus_notes_client | r5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51C33E15-C92F-4F22-9593-EFFE9F033730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C91500D-E91E-4776-9F51-34E7EBB8F031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5441972-4038-4845-9B35-EF35C0053EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3264F8E8-C40A-4C5C-BF2C-BD4690FE7EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9513C4-3F02-4C32-AD91-C4A5941A5A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E570AFE6-CEAF-4F6F-81D3-CFFAAA8D5109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6B527E-B1FE-41A3-A274-7BE2E893E6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92B419CE-813B-42AA-9E06-2059F7DEE669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "197E7E1C-D545-46FB-890F-B92AB9DA2B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "986B8670-2341-474D-8477-47627DF1ED02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "908E6F9A-FCE7-48C2-A307-057536944313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*",
"matchCriteriaId": "400521B9-F617-44A5-AF59-3D8DAE78067A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "00D21AF1-5802-41DA-8812-43B251D55CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "78DCE051-78E2-4F35-9598-98C19110ECE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A80A1E8B-43C8-449F-9B16-01F30D23E3D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E9D813-6EDD-48A0-9A2D-E08207F25AB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E352F-35C5-4C9A-9B3D-C8C6FC128B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.9a:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2A846C-20EC-41A6-BF4C-8FB84C45CEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0761E0-E899-413E-97CF-23BDA9395B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8471D114-204C-4B44-B0BE-C86226D8A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16FA46F1-4A78-4091-8498-8D4C4F946A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF03B36-AEE4-4A40-B7B6-4EAB2552C1E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6FD2E2-5454-4054-9482-93D698AA1840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2E4D7A-ACD2-482D-B3E4-FFEA47040E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0D185EB-F565-4D06-949F-27B44267E2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "006538A8-3D1F-405F-A493-A2DF0693D190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.9a:*:*:*:*:*:*:*",
"matchCriteriaId": "386C3C61-940D-4DCA-BB08-D47924759DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F7987AAB-0035-4BFB-A4E9-E56D19BB7774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3306F4C6-1D42-47A9-9286-F05F15DC971F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:r5:*:*:*:*:*:*:*",
"matchCriteriaId": "49557BEE-0FED-4F45-89C3-5DCBD2C7851D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el cliente Web Retriever de Lotus Notes/Domino R4.5 a R.6 permite a servidores web remotos maliciosos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante una l\u00ednea de estado HTTP larga."
}
],
"id": "CVE-2003-0123",
"lastModified": "2024-11-20T23:44:00.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-18T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104757545500368\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=482\u0026q=Domino\u0026uid=swg21105060"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-11.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.ciac.org/ciac/bulletins/n-065.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/411489"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://www.rapid7.com/advisories/R7-0011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/7038"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104757545500368\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=482\u0026q=Domino\u0026uid=swg21105060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-11.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.ciac.org/ciac/bulletins/n-065.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/411489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.rapid7.com/advisories/R7-0011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/7038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11525"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-08 18:30
Modified
2024-11-21 01:06
Severity ?
Summary
Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.0 | |
| microsoft | windows_server_2003 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3DB9C3-4DAC-4663-9097-95600E13FCDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en nserver.exe en el servidor de IBM Lotus Domino v8.0 para Windows Server 2003, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de vectores desconocidos, como se ha demostrado en cierto m\u00f3dulo de VulnDisco Pack Professional 8.11. NOTA: a fecha de 03/09/2009, este aviso no cuenta con m\u00e1s informaci\u00f3n. Sin embargo, debido a que el autor de VulnDisco Pack es una fuente fiable, se ha decidido asignarle un identificador al CVE para poder realizar un seguimiento del mismo."
}
],
"id": "CVE-2009-3087",
"lastModified": "2024-11-21T01:06:30.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-09-08T18:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36556"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command."
}
],
"id": "CVE-2004-2369",
"lastModified": "2024-11-20T23:53:10.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11143/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/9900"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15503"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11143/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/9900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15504"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-27 12:23
Modified
2024-11-21 01:47
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en webadmin.nsf (tambi\u00e9n conocido como cliente Web Administrator) en IBM Domino v8.5.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-0488",
"lastModified": "2024-11-21T01:47:40.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-03-27T12:23:46.163",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81853"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-22 17:55
Modified
2024-11-21 00:58
Severity ?
Summary
IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XFXF7JDBCX.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_quickr | 8.1 | |
| ibm | lotus_domino | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83B3B388-0438-4806-9F21-2170428739DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XFXF7JDBCX."
},
{
"lang": "es",
"value": "IBM Lotus Quickr 8.1 anteriores a 8.1.0.2 services para Lotus Domino no maneja correctamente las URL de las peticiones de im\u00e1genes, lo que permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una petici\u00f3n a resources.nsf. Tambi\u00e9n conocido como SPR XFXF7JDBCX."
}
],
"id": "CVE-2008-7286",
"lastModified": "2024-11-21T00:58:44.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-22T17:55:01.127",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-27 03:34
Modified
2024-11-21 01:47
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 | |
| ibm | lotus_domino | 8.5.3.3 | |
| ibm | lotus_domino | 8.5.3.4 | |
| ibm | lotus_inotes | 8.5.0.0 | |
| ibm | lotus_inotes | 8.5.1.0 | |
| ibm | lotus_inotes | 8.5.2.0 | |
| ibm | lotus_inotes | 8.5.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A8676-B2CA-49FF-A43E-EAC62170BF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71ADC0C5-36E9-426E-B302-56804B1800BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF04F0F8-E2AC-4080-91CE-E871CF32FBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA02A70-D433-4AEB-B7CD-77744E52D280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA621B45-7747-491D-A983-DD125BEE2753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76D0D493-1BFD-4054-BDB0-F338BFAFDC5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en iNotes v8.5.x en IBM Lotus Domino v8.5 anterior a v8.5.3 FP5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como SPR PTHN95XNR3."
}
],
"id": "CVE-2013-0595",
"lastModified": "2024-11-21T01:47:49.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-27T03:34:35.040",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83431"
},
{
"source": "psirt@us.ibm.com",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21671622"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-09 19:55
Modified
2024-11-21 01:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 | |
| ibm | lotus_domino | 8.5.3.3 | |
| ibm | lotus_domino | 8.5.3.4 | |
| ibm | lotus_domino | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A8676-B2CA-49FF-A43E-EAC62170BF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71ADC0C5-36E9-426E-B302-56804B1800BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en la funcionalidad MIME e-mail en iNotes en IBM Domino v9.0 anterior a IF3 permite a atacantes remotos inyectar c\u00f3digo script o HTML a trav\u00e9s de vectores sin especificar, tambi\u00e9n conocido como SPR PTHN98FLQ2."
}
],
"evaluatorComment": "Per: http://www-01.ibm.com/support/docview.wss?uid=swg21645503\n\n\"A fix for CVE-2013-3990 can be made available to qualified customers upon request via a hotfix to 8.5.3 Fix Pack 5.\"",
"id": "CVE-2013-3990",
"lastModified": "2024-11-21T01:54:40.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-09T19:55:07.230",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84971"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-08 22:00
Modified
2024-11-21 01:25
Severity ?
Summary
Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E1BDAF-D628-4797-AC6F-5D3D6422A218",
"versionEndIncluding": "8.5.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51C33E15-C92F-4F22-9593-EFFE9F033730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C91500D-E91E-4776-9F51-34E7EBB8F031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5441972-4038-4845-9B35-EF35C0053EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3264F8E8-C40A-4C5C-BF2C-BD4690FE7EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9513C4-3F02-4C32-AD91-C4A5941A5A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E570AFE6-CEAF-4F6F-81D3-CFFAAA8D5109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6B527E-B1FE-41A3-A274-7BE2E893E6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92B419CE-813B-42AA-9E06-2059F7DEE669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "197E7E1C-D545-46FB-890F-B92AB9DA2B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "986B8670-2341-474D-8477-47627DF1ED02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "908E6F9A-FCE7-48C2-A307-057536944313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*",
"matchCriteriaId": "400521B9-F617-44A5-AF59-3D8DAE78067A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "00D21AF1-5802-41DA-8812-43B251D55CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "78DCE051-78E2-4F35-9598-98C19110ECE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A80A1E8B-43C8-449F-9B16-01F30D23E3D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E9D813-6EDD-48A0-9A2D-E08207F25AB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E352F-35C5-4C9A-9B3D-C8C6FC128B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.9a:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2A846C-20EC-41A6-BF4C-8FB84C45CEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0761E0-E899-413E-97CF-23BDA9395B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8471D114-204C-4B44-B0BE-C86226D8A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9989FEB-3B5E-40FF-BDBF-CFC835BCF93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B2AFF7-3921-402A-AE7A-BB9E2E8AA0A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2974F32F-19F1-42E5-AB4C-59ACC6D07ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BF6EB6-8A21-4FFD-A15F-797824D0F515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A0BACA-DD1E-44AB-BF02-1F0DB179FF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1320064-F0E9-42C8-8E1C-9037684FA693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "636FC0B6-8C7B-416E-9343-B6712C93D036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FD364F0-EE5B-4082-AD87-C9769F492E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2_cf2:*:*:*:*:*:*:*",
"matchCriteriaId": "64AB8494-6BC9-43CB-A645-43944B03D10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06DBE88F-F765-448E-88AF-3ED9FB98181A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE30DC2C-35E9-4E4E-A8FF-2A31CF28B6DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9EE627-6072-4359-981B-0168F7D44B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53D6F4E6-2C8A-40B6-9DB9-38E15D2AFEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0766C3F9-D2A2-4A58-9FF7-11B57232DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D139E5E3-F66C-4184-9C4F-B06391147130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A95404CC-47B8-40C6-BCED-FC3E68CA8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B39B06CE-E38C-469B-8E24-87B26F3BEB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F342FD1-7A60-4E7D-B56A-E1C3D560C728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBB2FBE-9A0A-49C9-A281-4D053513016B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1B84127-574D-4C12-8823-787B1BBBAEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C7708DE5-A3C2-4024-B5AE-FC9DE963935F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C709D66D-3AE7-48B7-9E27-5D1FE452643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5AE863-C29F-4D32-8845-2D2426085071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A7AF44-125F-4760-8370-34B7B4CB8753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48E4A116-4FEF-4EAF-B4C4-F6096853F791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63DD600E-2405-4954-B4EC-218ED0CF2492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42C54057-4166-476B-A184-CD3F4844D0D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A0224534-201F-428A-A2D8-2C957BF57149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A946E7EE-769E-4676-AA7A-97CDD9168A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA31957-2452-4992-8DDA-7DDAAD09EC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B5F961-7652-4967-BEEF-22F09484CDD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23E14D9F-97E1-4DFA-994F-DF7F118BFFA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09BFA8E-8F0F-4517-9F6A-B1097902324F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8510F6-D054-488E-99E9-A58272C47AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15DB2AF7-B494-4494-8686-33CB6A4C2CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A3A3-6D6C-4EE0-B092-862DB03AC320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2A467B-72FA-4280-A397-BC9D86D5B012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FDC12D-2B2F-4967-8863-95A0F5AC2F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E99A0A69-D443-469D-BDAB-F0250420C128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05403BDA-56C0-465B-9669-19794DC7A7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Error de presencia de signo (signedness) en enteros en ndiiop.exe en la aplicaci\u00f3n DIIOP en el servidor de IBM Lotus Domino v8.5.3 y anteriores, permite a atacantes remotos ejecutar c\u00f3digo se elecci\u00f3n mediante una petici\u00f3n del cliente GIOP, dando lugar a un desbordamiento de b\u00fafer en la memoria din\u00e1mica."
}
],
"id": "CVE-2011-0914",
"lastModified": "2024-11-21T01:25:09.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-08T22:00:02.510",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43208"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-052/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-052/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-09 19:55
Modified
2024-11-21 01:52
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 | |
| ibm | lotus_domino | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en la funcionalidad MIME e-mail en iNotes en IBM Domino v9.0 anterior a IF3 permite a atacantes remotos inyectar c\u00f3digo script o HTML a trav\u00e9s de vectores sin especificar, tambi\u00e9n conocido como SPR PTHN986NAA."
}
],
"id": "CVE-2013-3032",
"lastModified": "2024-11-21T01:52:51.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-09T19:55:06.397",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84622"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-19 12:02
Modified
2024-11-21 01:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05403BDA-56C0-465B-9669-19794DC7A7D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf."
},
{
"lang": "es",
"value": "Vulnerabilidad cross-site scripting (XSS) en IBM Lotus Domino v8.5.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro PanelIcon en una acci\u00f3n fmpgPanelHeader ReadForm a WebAdmin.nsf."
}
],
"id": "CVE-2011-3576",
"lastModified": "2024-11-21T01:30:46.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-09-19T12:02:57.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/49701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49701"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-22 17:55
Modified
2024-11-21 01:11
Severity ?
Summary
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_quickr | 8.1 | |
| ibm | lotus_domino | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83B3B388-0438-4806-9F21-2170428739DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en IBM Lotus Quickr 8.1 anteriores a 8.1.0.10 services para Lotus Domino podr\u00eda permitir a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) al revisar un documento que se accede a trav\u00e9s de un conector. Tambi\u00e9n conocido como SPR MMOI7PSR8J."
}
],
"id": "CVE-2009-5059",
"lastModified": "2024-11-21T01:11:05.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-22T17:55:01.157",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-29 21:46
Modified
2024-11-21 00:33
Severity ?
Summary
Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.6 | |
| ibm | lotus_domino | 6.5.6 | |
| ibm | lotus_domino | 7.0 | |
| ibm | lotus_domino | 7.0.2 | |
| ibm | lotus_domino | 7.0.2 | |
| ibm | lotus_domino | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C709D66D-3AE7-48B7-9E27-5D1FE452643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp1:*:*:*:*:*",
"matchCriteriaId": "7B0B5F96-0762-45D3-B13E-1E4ED04AD69D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp2:*:*:*:*:*",
"matchCriteriaId": "DB1EA406-6488-46C0-B857-0BFFAA65B258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp3:*:*:*:*:*",
"matchCriteriaId": "D36E3D33-5A60-4846-BED2-8BF3AFC9BBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5AE863-C29F-4D32-8845-2D2426085071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.6:*:fp1:*:*:*:*:*",
"matchCriteriaId": "1DD8A9BA-5E05-47D8-9C15-60A49A3C3141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp1:*:*:*:*:*",
"matchCriteriaId": "4A7F62D7-8225-4B84-A3CE-B91616B5AAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp2:*:*:*:*:*",
"matchCriteriaId": "82718D37-02FA-4EA0-ABB6-167B5A0A2F0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el servicio IMAP de IBM Lotus Domino versiones anteriores a 6.5.6 FP2, y 7.x versiones anteriores a 7.0.3, permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante un nombre de buz\u00f3n de correo largo."
}
],
"id": "CVE-2007-3510",
"lastModified": "2024-11-21T00:33:25.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-29T21:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=605"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27321"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21270623"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26176"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018854"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21270623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37365"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-11 00:55
Modified
2024-11-21 01:43
Severity ?
Summary
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18BA3404-DE06-43A3-8319-31ECA80A8B8B",
"versionEndIncluding": "1.4.2.13.13",
"versionStartIncluding": "1.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEA3D56-2995-42F6-9306-84B9E24AD317",
"versionEndIncluding": "5.0.14.0",
"versionStartIncluding": "5.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A59F289-2472-46F7-AD4B-24D9CE59807F",
"versionEndIncluding": "6.0.11.0",
"versionStartIncluding": "6.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABE8021-3E50-4DBF-991F-59BDD301389E",
"versionEndIncluding": "7.0.2.0",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3DB9C3-4DAC-4663-9097-95600E13FCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8510F6-D054-488E-99E9-A58272C47AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15DB2AF7-B494-4494-8686-33CB6A4C2CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A3A3-6D6C-4EE0-B092-862DB03AC320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2A467B-72FA-4280-A397-BC9D86D5B012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "692E295E-E650-42D5-AF7A-D6276C3D76E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E25625-8570-4744-A2A2-4A4FB4D8AC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50660BA1-A24A-4DBF-AB59-1CF04FA54120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5759CBCB-7B3F-462A-B51A-FD2C6B13CCE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69A79FA5-83FB-4067-B2A6-17EAF3947998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17815F4E-BB34-40D2-A3EE-3C7741940D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE79982-9E92-498A-B961-55CB1D2D104F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6814E3F-479C-4F56-BF66-C685E60CCA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9EF5DE-4432-4099-AD59-CDD52E387BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A1013797-0442-46A7-A94F-354388BA6B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC228A3-1878-4A9F-8664-F4DFF77BF74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0119A252-73B1-490F-9371-06E8FDB8B979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57D24791-E798-4B08-A051-E880DEFB8268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2758590C-67FD-4DD6-84C1-0D32264BBE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC083C-B25E-427F-B722-B5ABD4F072F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0CF8A5-BC24-4204-BC06-2E1E2FB60E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA723DB-62C5-4C84-B0BA-5313FDA49D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "92F08B96-D43E-407E-839C-4C3C5BB58B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E50C779-C780-45FB-BC77-B9717389D2EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "867779A4-A7A5-48AD-9AC0-C6476719A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7B7544-D60C-4B9A-BC29-B30AD86EC9B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D475EF5-DBB3-4B98-BB07-83A2632B5E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F797A209-65C0-4A20-9DA2-C5576C091DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B01BCFA-13B4-4AB3-9558-4B704F6DCFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D027E003-84C9-4290-A032-649C5E66B23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D9A13AC-B552-4E86-9E5D-62354D78E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5CDBCB-F314-453B-B837-B03B53215748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A92849F-05E0-47DB-AB43-8AC559568D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2BAE23EA-8576-4B4E-A6ED-91EB30E3FB6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80407:*:*:*:*:*:*:*",
"matchCriteriaId": "EB384FC6-D343-40F1-B9D3-480217EB97D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80822:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4D8B5E-8172-4FC2-9F4F-6FB5D989DE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_sametime:8.5.1.20100709-1631:*:*:*:advanced_embedded:*:*:*",
"matchCriteriaId": "62A619D0-A250-41F7-8BC3-37B1507AF37C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F9782A-17B1-4258-8B03-483328EFB01D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27E40AA1-CF34-4757-8EE1-873A5B199496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3997E3C6-1822-4DBB-A6E1-B46F4E0CF3B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35746885-CB26-4527-AB17-BBEF37A33F70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE0191C-D6EF-486A-B497-9692D2892DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3021AA-7337-46B2-AECE-D4C93C032578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "29746507-F154-4216-B560-1D9243D5FF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80E42A69-B549-4904-AC5C-E2053CB38450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2285A0-B3E7-4D41-9D06-796485D39B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D4D6C6-656D-433F-973B-7C0F7FD09428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC57196-D703-407C-9883-58C31C6C4C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D25E5860-083C-4D43-945C-AB068BFF624B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E41ECC63-45B0-4011-8906-FF4DC825DA50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB76CF67-767D-4A30-BB3F-2F44D80BC609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "521A5B6F-D214-4181-915B-CE1AF1F90397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "87F9AF9E-E7EA-44DF-AD03-0D28CC105EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AD723C24-48AA-480F-93A5-064F9D4D75F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCFCA2C-1594-4FE3-BE4D-B9407A1BC1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "323418E3-6CDF-4E84-8D3C-324BFE95DD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F08AFD22-F720-4683-9444-012722E5E979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:1.6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B9114377-B995-419A-A566-4CFD06715298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:8.0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAFD73FB-2F37-4B0D-A967-B6DD8500A273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:9.0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0D1AE7-63C6-4E66-90EB-9FB1ED71FC22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:10.0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16CAC644-C915-46BF-88C3-6792304B7CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:10.0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B4EA6D-BA41-4170-B4EC-6850ACA98344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39AD3F53-55F2-451D-8A56-9B7B96F19AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABC05-561E-43D7-B408-BED36676C6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF30EFD9-12DD-4D2E-A087-66C008CF4338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F20944-2611-41DC-8470-F267EA09A66F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16A57406-18F3-4F9E-A6C1-72DB1B0D0F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDC30B5-78D0-4F0F-9F85-96B85026F33F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:service_delivery_manager:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5888AC-B251-4DE4-95E8-56385429343E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:service_delivery_manager:7.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA27B37-E411-496D-B23B-C8F8B9F95239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smart_analytics_system_5600_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A24824E-7091-41EA-A994-67DB0BAFF592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smart_analytics_system_5600_software:9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04EBD9-A8CD-498E-9724-848BBF4C13FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE417DBB-F699-4B0C-93E4-F2A96E60A42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "503B5597-B95E-4F8F-BCB6-B303D378F5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2289E7D5-2915-42D3-BE86-FF63BF507251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45864079-DC1E-42F6-B9D4-36E1A46DE093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39A65FE7-7745-4D94-A22C-D0C7CF1C339A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB4F6B1-F1A1-40A3-9EB6-36CBDCF5FD55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13DB3D7D-0D80-4B7E-B516-D4AE2AE3FC48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11F1528F-BE73-4B03-BFA5-B1F96099F3F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8B5726-CDA8-4BDE-B2A6-AE308959A862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6233ED9B-760D-4218-A25B-DF67D703D9EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "350B304F-4ED0-4A91-A901-77A149DE2481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "50A2D35D-4170-4DD7-9AD3-39F23D432289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15E20435-C3A0-4A57-B82A-595A48BB0991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33A34B3F-710C-42A8-B791-DA624B23E36D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5010AB5-0932-4F05-9D6A-9D4C49151E83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7299B1C8-7BC2-4F42-B19E-4D0D2E599D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC98EF0-EDCA-47D8-A4CE-083E3AA0376C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6522CFEE-4368-4596-8DB9-18247AB19C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E386E16-9F8F-4444-A190-EF964CA339F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AC24B012-A887-4A3F-A32C-80435C64BC10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B310DC-21E5-4A0D-A3D6-B0FD21C6C4F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "499FAEEF-0533-44FE-8249-AE40C6233E06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1E8B4310-F5D2-4448-89C1-E6D656351E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88380637-715A-49CB-A9B6-0F8411225E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3AF6714-0D55-4C81-B354-F3875ACE4388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94A90709-74AD-4C1B-806C-E7E335A3A773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E17308E6-B755-434F-8D2B-E5BBA37BA1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_remote_control:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3BFA6A7-DA21-4DB1-829E-6CBF15AE19B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_real_time:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2487821D-BB7A-4574-A98B-B37604CD4654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_real_time:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CB9D0F-DCAB-484D-ACA8-64772659EE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tivoli_storage_productivity_center:5.0:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E541FE5B-2147-4340-85BE-C6A23E64F343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tivoli_storage_productivity_center:5.1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EFAA15-C456-45A5-8B60-5CCF0CF0029B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tivoli_storage_productivity_center:5.1.1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B783E88-2CDB-47B9-8F2F-126E60EA42CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:smart_analytics_system_5600:7200:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9B9B97-8A48-4202-A48B-092585DDE4F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via \"insecure use\" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, permite a atacantes remotos a ejecutar c\u00f3digo trav\u00e9s de vectores relacionados con \"uso inseguro\" de m\u00e9todos (1) java.lang.Class getDeclaredMethods o (2) java.lang.reflect.AccessibleObject setAccessible()."
}
],
"id": "CVE-2012-4821",
"lastModified": "2024-11-21T01:43:33.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-01-11T00:55:01.027",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51326"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51634"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78765"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-03-15 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 5.0.4 | |
| ibm | lotus_domino | 5.0.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.4:*:linux:*:*:*:*:*",
"matchCriteriaId": "8D0C8DC6-31D1-4510-90DE-214784000593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.7:*:linux:*:*:*:*:*",
"matchCriteriaId": "4536934C-C145-4D08-9ABF-8682A36BE991",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en bindsock en Lotus Domino 5.0.4 a 5.0.7 en Linux permite a usuarios locales ganar privilegios de root mediante Notes_ExecDirectoryVariable de entorno PATHlargos."
}
],
"id": "CVE-2002-0086",
"lastModified": "2024-11-20T23:38:16.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-03-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21095569"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21100441"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.esecurityonline.com/advisories/eSO4124.asp"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.esecurityonline.com/advisories/eSO4126.asp"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4317"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4319"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8583"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21095569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21100441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.esecurityonline.com/advisories/eSO4124.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.esecurityonline.com/advisories/eSO4126.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8585"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-10-18 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.0 | |
| ibm | lotus_domino | 6.0.1 | |
| ibm | lotus_domino | 6.0.2 | |
| ibm | lotus_domino | 6.0.2_cf2 | |
| ibm | lotus_domino | 6.0.3 | |
| ibm | lotus_domino | 6.5.0 | |
| ibm | lotus_domino | 6.5.1 | |
| ibm | lotus_domino | 6.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9989FEB-3B5E-40FF-BDBF-CFC835BCF93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B2AFF7-3921-402A-AE7A-BB9E2E8AA0A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1320064-F0E9-42C8-8E1C-9037684FA693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2_cf2:*:*:*:*:*:*:*",
"matchCriteriaId": "64AB8494-6BC9-43CB-A645-43944B03D10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06DBE88F-F765-448E-88AF-3ED9FB98181A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0766C3F9-D2A2-4A58-9FF7-11B57232DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature"
}
],
"id": "CVE-2004-1621",
"lastModified": "2024-11-20T23:51:20.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-10-18T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109812960023736\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109841682529328\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12891"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1011779"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21187833"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/404382"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11458"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109812960023736\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109841682529328\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1011779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21187833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/404382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17758"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-09 01:55
Modified
2024-11-21 02:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.3.6 | |
| ibm | lotus_domino | 9.0.1.0 | |
| ibm | lotus_inotes | 8.5.3.6 | |
| ibm | lotus_inotes | 9.0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "35B19F27-E6EE-41AA-937D-173E592A9278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3B3D5F-EB63-4ABA-8A27-BD654422DA54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A01616C-AEEB-40A0-AB35-0F615ADF8ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CF22B5-8931-49F4-A73E-7F425FBAAE30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM iNotes y Domino 8.5.3 FP6 anterior a IF2 y 9.0.1 anterior a FP1 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarios a trav\u00e9s de un mensaje de e-mail, tambi\u00e9n conocido como SPR BFEY9GXHZE."
}
],
"id": "CVE-2014-0913",
"lastModified": "2024-11-21T02:03:01.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-05-09T01:55:02.713",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671981"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1030215"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91880"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 5.0 | |
| ibm | lotus_domino | 5.0.1 | |
| ibm | lotus_domino | 5.0.2 | |
| ibm | lotus_domino | 5.0.3 | |
| ibm | lotus_domino | 5.0.4 | |
| ibm | lotus_domino | 5.0.4a | |
| ibm | lotus_domino | 5.0.5 | |
| ibm | lotus_domino | 5.0.6 | |
| ibm | lotus_domino | 5.0.6a | |
| ibm | lotus_domino | 5.0.7 | |
| ibm | lotus_domino | 5.0.7a | |
| ibm | lotus_domino | 5.0.8 | |
| ibm | lotus_domino | 5.0.9 | |
| ibm | lotus_domino | 5.0.9a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3264F8E8-C40A-4C5C-BF2C-BD4690FE7EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9513C4-3F02-4C32-AD91-C4A5941A5A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E570AFE6-CEAF-4F6F-81D3-CFFAAA8D5109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6B527E-B1FE-41A3-A274-7BE2E893E6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.4:*:solaris:*:*:*:*:*",
"matchCriteriaId": "1D2DC637-4AEA-412D-A2B2-723C4ED21C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "197E7E1C-D545-46FB-890F-B92AB9DA2B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "986B8670-2341-474D-8477-47627DF1ED02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "908E6F9A-FCE7-48C2-A307-057536944313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*",
"matchCriteriaId": "400521B9-F617-44A5-AF59-3D8DAE78067A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.7:*:solaris:*:*:*:*:*",
"matchCriteriaId": "10D90491-68DD-44FA-9B5A-81CF19896F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "78DCE051-78E2-4F35-9598-98C19110ECE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A80A1E8B-43C8-449F-9B16-01F30D23E3D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E352F-35C5-4C9A-9B3D-C8C6FC128B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.9a:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2A846C-20EC-41A6-BF4C-8FB84C45CEE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters."
}
],
"id": "CVE-2002-1624",
"lastModified": "2024-11-20T23:41:44.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1004052"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/772563"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/6646"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1004052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/772563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/6646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11058"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-03 19:30
Modified
2024-11-21 01:13
Severity ?
Summary
Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | domino_web_access | 6.5 | |
| ibm | domino_web_access | 7.0 | |
| ibm | domino_web_access | 7.0.1 | |
| ibm | domino_web_access | 7.0.2 | |
| ibm | domino_web_access | 7.0.3 | |
| ibm | domino_web_access | 8.0 | |
| ibm | domino_web_access | 8.0.2 | |
| ibm | lotus_inotes | * | |
| ibm | lotus_inotes | 229.011 | |
| ibm | lotus_inotes | 229.021 | |
| ibm | lotus_inotes | 229.031 | |
| ibm | lotus_inotes | 229.041 | |
| ibm | lotus_inotes | 229.051 | |
| ibm | lotus_inotes | 229.061 | |
| ibm | lotus_inotes | 229.101 | |
| ibm | lotus_inotes | 229.111 | |
| ibm | lotus_inotes | 229.131 | |
| ibm | lotus_inotes | 229.141 | |
| ibm | lotus_inotes | 229.151 | |
| ibm | lotus_inotes | 229.161 | |
| ibm | lotus_inotes | 229.171 | |
| ibm | lotus_inotes | 229.181 | |
| ibm | lotus_inotes | 229.191 | |
| ibm | lotus_inotes | 229.201 | |
| ibm | lotus_inotes | 229.211 | |
| ibm | lotus_inotes | 229.221 | |
| ibm | lotus_inotes | 229.231 | |
| ibm | lotus_inotes | 229.241 | |
| ibm | lotus_inotes | 229.251 | |
| ibm | lotus_inotes | 229.261 | |
| ibm | lotus_domino | 8.0.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "220211F3-8AF4-419E-BB10-0E954F002DFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4854AD77-45A0-45AB-B9DA-77FFB7531C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86A823BB-48B7-4F84-A01A-754987FDBD00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B653AE06-0056-45AA-B321-391EE70532B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5C812F-4B1E-42A1-A478-978DF925D22D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "723845C5-91E1-4BED-B41F-9E0A0DB629D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDCE5E6-F37D-4D1B-B863-E8FE8ABA79E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA92AB06-5510-4109-AE3A-75834E5F8A00",
"versionEndIncluding": "229.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.011:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF2DA6-98E4-4921-B36C-AA5771B3629E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.021:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC0B87F-B742-466D-BF93-56BFECAC2E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.031:*:*:*:*:*:*:*",
"matchCriteriaId": "708BEAEF-B186-470D-8148-9C0703B42765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.041:*:*:*:*:*:*:*",
"matchCriteriaId": "83C58751-33AE-4A3F-A096-AB13FC8A64A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.051:*:*:*:*:*:*:*",
"matchCriteriaId": "01E2E70E-3C00-4AA2-AF8D-349E82806FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.061:*:*:*:*:*:*:*",
"matchCriteriaId": "3508BE09-6B84-4819-BC0F-7E23964FE29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.101:*:*:*:*:*:*:*",
"matchCriteriaId": "1A17FFE5-97F5-45D0-8C54-3C22BF1FFA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.111:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8C8052-8980-4265-929B-E27B6A914B4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.131:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6C0F89-47E6-4895-909D-6AF8DBFE2477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.141:*:*:*:*:*:*:*",
"matchCriteriaId": "590EBAF8-04A9-4DAD-9FCF-B1B38FF03374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.151:*:*:*:*:*:*:*",
"matchCriteriaId": "717F7305-98E1-403D-B08A-6FE1FD83D2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.161:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4B46DA-B4E6-4AB0-AD85-7C77EFE14063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.171:*:*:*:*:*:*:*",
"matchCriteriaId": "E1862CF3-0BF2-4F1B-80A9-0B5B02005A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.181:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC9488A-F368-498E-8CDE-2ADC6AED470B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.191:*:*:*:*:*:*:*",
"matchCriteriaId": "A2F8C056-91A2-410B-942A-E108B93AD1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.201:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD1A2BB-F7FC-4FE1-B633-F0AF79E0F5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.211:*:*:*:*:*:*:*",
"matchCriteriaId": "805C7074-679E-4F11-A055-8C52B4E26F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.221:*:*:*:*:*:*:*",
"matchCriteriaId": "840A1975-0C5B-44F0-9F2E-1BBE02AA0484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.231:*:*:*:*:*:*:*",
"matchCriteriaId": "33A29245-F9DA-4F77-91EE-21C1FA3CE784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.241:*:*:*:*:*:*:*",
"matchCriteriaId": "B55ED49B-092B-411B-84AE-847770EE096B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.251:*:*:*:*:*:*:*",
"matchCriteriaId": "483C2E2D-424C-453B-9D51-F53C6B32178B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.261:*:*:*:*:*:*:*",
"matchCriteriaId": "4348F385-9AE1-4F8C-9F22-BE50FCA3710B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el control ActiveX Lotus Domino Web Access en IBM Lotus iNotes (alias Domino Web Access o DWA) 6.5, 7.0 en versiones anteriores a la 7.0.4, 8.0, 8.0.2 y en versiones anteriores a la 229.281 para Domino 8.0.2 FP4 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un argumento URL largo a un m\u00e9todo no especificado, alias PRAD7JTNHJ."
}
],
"id": "CVE-2010-0919",
"lastModified": "2024-11-21T01:13:12.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-03T19:30:00.743",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38681"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38744"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38755"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023662"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/62612"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38457"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0495"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21421808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/62612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56555"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-09 18:30
Modified
2024-11-21 01:11
Severity ?
Summary
Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_inotes | * | |
| ibm | lotus_inotes | 229.011 | |
| ibm | lotus_inotes | 229.021 | |
| ibm | lotus_inotes | 229.031 | |
| ibm | lotus_inotes | 229.041 | |
| ibm | lotus_inotes | 229.051 | |
| ibm | lotus_inotes | 229.061 | |
| ibm | lotus_inotes | 229.101 | |
| ibm | lotus_inotes | 229.111 | |
| ibm | lotus_inotes | 229.131 | |
| ibm | lotus_inotes | 229.141 | |
| ibm | lotus_inotes | 229.151 | |
| ibm | lotus_inotes | 229.161 | |
| ibm | lotus_inotes | 229.171 | |
| ibm | lotus_inotes | 229.181 | |
| ibm | lotus_inotes | 229.191 | |
| ibm | lotus_inotes | 229.201 | |
| ibm | lotus_inotes | 229.211 | |
| ibm | lotus_inotes | 229.221 | |
| ibm | lotus_domino | 8.0.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B327550-1809-4982-A927-48D3392B7A22",
"versionEndIncluding": "229.231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.011:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF2DA6-98E4-4921-B36C-AA5771B3629E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.021:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC0B87F-B742-466D-BF93-56BFECAC2E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.031:*:*:*:*:*:*:*",
"matchCriteriaId": "708BEAEF-B186-470D-8148-9C0703B42765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.041:*:*:*:*:*:*:*",
"matchCriteriaId": "83C58751-33AE-4A3F-A096-AB13FC8A64A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.051:*:*:*:*:*:*:*",
"matchCriteriaId": "01E2E70E-3C00-4AA2-AF8D-349E82806FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.061:*:*:*:*:*:*:*",
"matchCriteriaId": "3508BE09-6B84-4819-BC0F-7E23964FE29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.101:*:*:*:*:*:*:*",
"matchCriteriaId": "1A17FFE5-97F5-45D0-8C54-3C22BF1FFA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.111:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8C8052-8980-4265-929B-E27B6A914B4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.131:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6C0F89-47E6-4895-909D-6AF8DBFE2477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.141:*:*:*:*:*:*:*",
"matchCriteriaId": "590EBAF8-04A9-4DAD-9FCF-B1B38FF03374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.151:*:*:*:*:*:*:*",
"matchCriteriaId": "717F7305-98E1-403D-B08A-6FE1FD83D2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.161:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4B46DA-B4E6-4AB0-AD85-7C77EFE14063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.171:*:*:*:*:*:*:*",
"matchCriteriaId": "E1862CF3-0BF2-4F1B-80A9-0B5B02005A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.181:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC9488A-F368-498E-8CDE-2ADC6AED470B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.191:*:*:*:*:*:*:*",
"matchCriteriaId": "A2F8C056-91A2-410B-942A-E108B93AD1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.201:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD1A2BB-F7FC-4FE1-B633-F0AF79E0F5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.211:*:*:*:*:*:*:*",
"matchCriteriaId": "805C7074-679E-4F11-A055-8C52B4E26F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.221:*:*:*:*:*:*:*",
"matchCriteriaId": "840A1975-0C5B-44F0-9F2E-1BBE02AA0484",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58."
},
{
"lang": "es",
"value": "Modo Ultra-light en IBM Lotus iNotes (tambi\u00e9n conocido como Domino Web Access o DWA) anterior a v229.241 para Domino v8.0.2 FP3 no maneja adecuadamente secuencias de comando en la URL status-alerts, tiene un impacto y vectores de ataque sin especificar, tambi\u00e9n conocido como SPR LSHR7TBM58."
}
],
"id": "CVE-2010-0275",
"lastModified": "2024-11-21T01:11:53.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-09T18:30:01.900",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38026"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37675"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55471"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-21 14:22
Modified
2024-11-21 01:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 | |
| ibm | lotus_domino | 8.5.3.3 | |
| ibm | lotus_domino | 8.5.3.4 | |
| ibm | lotus_domino | 8.5.3.5 | |
| ibm | lotus_domino | 9.0.0.0 | |
| ibm | lotus_inotes | 8.5.3.0 | |
| ibm | lotus_inotes | 8.5.3.1 | |
| ibm | lotus_inotes | 8.5.3.2 | |
| ibm | lotus_inotes | 8.5.3.3 | |
| ibm | lotus_inotes | 8.5.3.4 | |
| ibm | lotus_inotes | 8.5.3.5 | |
| ibm | lotus_inotes | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A8676-B2CA-49FF-A43E-EAC62170BF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71ADC0C5-36E9-426E-B302-56804B1800BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "24863689-9472-4C56-B3A8-3053494437C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76D0D493-1BFD-4054-BDB0-F338BFAFDC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F088F719-F4BE-4B49-B022-96D43664155B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F797B7-C3EA-4A12-8D69-217FBD4B9EB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCA4DA1-302C-42AD-9317-DC733A17696B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B102407C-3CCE-45A5-A3A2-9C24D5F4866A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "577AA3FA-31BA-429C-8CE6-B3776F5CF857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9B79C2F-8633-47A2-ADB5-FEB0EEB10B90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP."
},
{
"lang": "es",
"value": "Vulnerabilidad cross-site scripitng (XSS) en iNotes de IBM Domino 8.5.x anteriores a 8.5.3 FP6 y 9.0.x anteriores a 9.0.1 permite a atacantes remotos inyectar script web o HTML a trav\u00e9s de contenido activo en un mensaje de email, tambien conocido como SPRs PTHN9AQMV7 y TCLE98ZKRP."
}
],
"id": "CVE-2013-4063",
"lastModified": "2024-11-21T01:54:48.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-21T14:22:56.737",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86594"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-27 03:34
Modified
2024-11-21 01:47
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0591.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 | |
| ibm | lotus_domino | 8.5.3.3 | |
| ibm | lotus_domino | 8.5.3.4 | |
| ibm | lotus_inotes | 8.5.0.0 | |
| ibm | lotus_inotes | 8.5.1.0 | |
| ibm | lotus_inotes | 8.5.2.0 | |
| ibm | lotus_inotes | 8.5.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A8676-B2CA-49FF-A43E-EAC62170BF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71ADC0C5-36E9-426E-B302-56804B1800BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF04F0F8-E2AC-4080-91CE-E871CF32FBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA02A70-D433-4AEB-B7CD-77744E52D280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA621B45-7747-491D-A983-DD125BEE2753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76D0D493-1BFD-4054-BDB0-F338BFAFDC5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0591."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en iNotes v8.5.x en IBM Lotus Domino v8.5 anterior a v8.5.3 FP5, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como SPR PTHN95XNR3, una vulnerabilidad diferente a CVE-2013-0591."
}
],
"id": "CVE-2013-0590",
"lastModified": "2024-11-21T01:47:48.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-27T03:34:34.970",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83814"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-21 10:46
Modified
2024-11-21 01:40
Severity ?
Summary
Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n CRLF en el servidor HTTP en IBM Lotus Domino v8.5.x anterior a v8.5.4 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de divisi\u00f3n de respuesta que involucran (1)Mozilla Firefox v3.0.9 y anteriores o (2) otros navegadores no especificados."
}
],
"id": "CVE-2012-3301",
"lastModified": "2024-11-21T01:40:36.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-21T10:46:10.700",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://websecurity.com.ua/5839/"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://websecurity.com.ua/5839/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77400"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-27 12:23
Modified
2024-11-21 01:47
Severity ?
Summary
Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY."
},
{
"lang": "es",
"value": "Fuga de memoria en el servidor HTTP IBM Domino 8.5.x, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda de demonio) a trav\u00e9s de peticiones GET. Aka SPR KLYH92NKZY."
}
],
"id": "CVE-2013-0486",
"lastModified": "2024-11-21T01:47:40.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-27T12:23:46.073",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://jvn.jp/en/jp/JVN51305555/index.html"
},
{
"source": "psirt@us.ibm.com",
"url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000030.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN51305555/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81812"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-22 22:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en iNotes de IBM Domino 8.5.3 anterior a FP5 IF2 y 9.0 anterior a IF5 permite a atacantes remotos inyectar script web arbitrario o HTML a trav\u00e9s de vectores sin especificar, aka SPR PTHN9AYK2X."
}
],
"id": "CVE-2013-5389",
"lastModified": "2024-11-21T01:57:24.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-22T22:55:07.330",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653149"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87125"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-09 18:30
Modified
2024-11-21 01:10
Severity ?
Summary
Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_inotes | * | |
| ibm | lotus_inotes | 229.011 | |
| ibm | lotus_inotes | 229.021 | |
| ibm | lotus_inotes | 229.031 | |
| ibm | lotus_inotes | 229.041 | |
| ibm | lotus_inotes | 229.051 | |
| ibm | lotus_inotes | 229.061 | |
| ibm | lotus_inotes | 229.101 | |
| ibm | lotus_domino | 8.0.1 | |
| ibm | lotus_domino | 8.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0245DD-72A1-4B71-9B0C-CD339FBA2EE5",
"versionEndIncluding": "229.111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.011:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF2DA6-98E4-4921-B36C-AA5771B3629E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.021:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC0B87F-B742-466D-BF93-56BFECAC2E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.031:*:*:*:*:*:*:*",
"matchCriteriaId": "708BEAEF-B186-470D-8148-9C0703B42765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.041:*:*:*:*:*:*:*",
"matchCriteriaId": "83C58751-33AE-4A3F-A096-AB13FC8A64A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.051:*:*:*:*:*:*:*",
"matchCriteriaId": "01E2E70E-3C00-4AA2-AF8D-349E82806FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.061:*:*:*:*:*:*:*",
"matchCriteriaId": "3508BE09-6B84-4819-BC0F-7E23964FE29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.101:*:*:*:*:*:*:*",
"matchCriteriaId": "1A17FFE5-97F5-45D0-8C54-3C22BF1FFA72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8510F6-D054-488E-99E9-A58272C47AA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15DB2AF7-B494-4494-8686-33CB6A4C2CDC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en IBM Lotus iNotes (tambi\u00e9n conocido como Domino Web Access o DWA) anterior a v229.131 para Domino v8.0.x tiene un impacto y vectores de ataque desconocidos, tambi\u00e9n conocido como SPR SDOY7RHBNH."
}
],
"id": "CVE-2009-4594",
"lastModified": "2024-11-21T01:10:00.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-09T18:30:01.637",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27015942"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27016085"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27015942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27016085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55548"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-27 03:34
Modified
2024-11-21 01:47
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0590.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 | |
| ibm | lotus_domino | 8.5.3.3 | |
| ibm | lotus_domino | 8.5.3.4 | |
| ibm | lotus_inotes | 8.5.0.0 | |
| ibm | lotus_inotes | 8.5.1.0 | |
| ibm | lotus_inotes | 8.5.2.0 | |
| ibm | lotus_inotes | 8.5.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A8676-B2CA-49FF-A43E-EAC62170BF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71ADC0C5-36E9-426E-B302-56804B1800BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF04F0F8-E2AC-4080-91CE-E871CF32FBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA02A70-D433-4AEB-B7CD-77744E52D280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA621B45-7747-491D-A983-DD125BEE2753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76D0D493-1BFD-4054-BDB0-F338BFAFDC5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0590."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en iNotes v8.5.x en IBM Lotus Domino v8.5 anterior a v8.5.3 FP5, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como SPR PTHN95XNR3, una vulnerabilidad diferente a CVE-2013-0590."
}
],
"id": "CVE-2013-0591",
"lastModified": "2024-11-21T01:47:49.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-27T03:34:34.993",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21647740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83381"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-03-18 05:00
Modified
2024-11-20 23:44
Severity ?
Summary
Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 4.6.1 | |
| ibm | lotus_domino | 4.6.3 | |
| ibm | lotus_domino | 4.6.4 | |
| ibm | lotus_domino | 5.0 | |
| ibm | lotus_domino | 5.0.1 | |
| ibm | lotus_domino | 5.0.2 | |
| ibm | lotus_domino | 5.0.3 | |
| ibm | lotus_domino | 5.0.4 | |
| ibm | lotus_domino | 5.0.4a | |
| ibm | lotus_domino | 5.0.5 | |
| ibm | lotus_domino | 5.0.6 | |
| ibm | lotus_domino | 5.0.6a | |
| ibm | lotus_domino | 5.0.7a | |
| ibm | lotus_domino | 5.0.8 | |
| ibm | lotus_domino | 5.0.8a | |
| ibm | lotus_domino | 5.0.9 | |
| ibm | lotus_domino | 5.0.9a | |
| ibm | lotus_domino | 5.0.10 | |
| ibm | lotus_domino | 5.0.11 | |
| ibm | lotus_notes_client | 5.0 | |
| ibm | lotus_notes_client | 5.0.1 | |
| ibm | lotus_notes_client | 5.0.2 | |
| ibm | lotus_notes_client | 5.0.3 | |
| ibm | lotus_notes_client | 5.0.4 | |
| ibm | lotus_notes_client | 5.0.5 | |
| ibm | lotus_notes_client | 5.0.9a | |
| ibm | lotus_notes_client | 5.0.10 | |
| ibm | lotus_notes_client | 5.0.11 | |
| ibm | lotus_notes_client | r5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51C33E15-C92F-4F22-9593-EFFE9F033730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C91500D-E91E-4776-9F51-34E7EBB8F031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5441972-4038-4845-9B35-EF35C0053EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3264F8E8-C40A-4C5C-BF2C-BD4690FE7EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9513C4-3F02-4C32-AD91-C4A5941A5A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E570AFE6-CEAF-4F6F-81D3-CFFAAA8D5109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6B527E-B1FE-41A3-A274-7BE2E893E6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92B419CE-813B-42AA-9E06-2059F7DEE669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "197E7E1C-D545-46FB-890F-B92AB9DA2B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "986B8670-2341-474D-8477-47627DF1ED02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "908E6F9A-FCE7-48C2-A307-057536944313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*",
"matchCriteriaId": "400521B9-F617-44A5-AF59-3D8DAE78067A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "78DCE051-78E2-4F35-9598-98C19110ECE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A80A1E8B-43C8-449F-9B16-01F30D23E3D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E9D813-6EDD-48A0-9A2D-E08207F25AB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E352F-35C5-4C9A-9B3D-C8C6FC128B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.9a:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2A846C-20EC-41A6-BF4C-8FB84C45CEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0761E0-E899-413E-97CF-23BDA9395B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8471D114-204C-4B44-B0BE-C86226D8A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16FA46F1-4A78-4091-8498-8D4C4F946A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF03B36-AEE4-4A40-B7B6-4EAB2552C1E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6FD2E2-5454-4054-9482-93D698AA1840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2E4D7A-ACD2-482D-B3E4-FFEA47040E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0D185EB-F565-4D06-949F-27B44267E2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "006538A8-3D1F-405F-A493-A2DF0693D190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.9a:*:*:*:*:*:*:*",
"matchCriteriaId": "386C3C61-940D-4DCA-BB08-D47924759DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F7987AAB-0035-4BFB-A4E9-E56D19BB7774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3306F4C6-1D42-47A9-9286-F05F15DC971F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_client:r5:*:*:*:*:*:*:*",
"matchCriteriaId": "49557BEE-0FED-4F45-89C3-5DCBD2C7851D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el servidor de Lotus Notes R4, R5 anteriores a 5.0.11 y betas de R6 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un nombre distinguido (DN) largo durante la autenticaci\u00f3n NotesRPC y una longitud externa del campo menor que la del campo DN."
}
],
"id": "CVE-2003-0122",
"lastModified": "2024-11-20T23:44:00.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-18T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104757319829443\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=482\u0026q=Domino\u0026uid=swg21105101"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-11.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.ciac.org/ciac/bulletins/n-065.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/433489"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://www.rapid7.com/advisories/R7-0010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7037"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104757319829443\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=482\u0026q=Domino\u0026uid=swg21105101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-11.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.ciac.org/ciac/bulletins/n-065.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/433489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.rapid7.com/advisories/R7-0010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11526"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-27 12:23
Modified
2024-11-21 01:47
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators."
},
{
"lang": "es",
"value": "Vulnerabilidad CSRF en webadmin.nsf (Aka el cliente Web Administrator) en IBM Domino 8.5.x, permite a usuarios autenticados remotamente secuestrar la autenticaci\u00f3n de los administradores."
}
],
"id": "CVE-2013-0489",
"lastModified": "2024-11-21T01:47:40.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-03-27T12:23:46.180",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81854"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-27 12:23
Modified
2024-11-21 01:47
Severity ?
Summary
The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN."
},
{
"lang": "es",
"value": "La Java Console en IBM Domino 8.5.x, permite a usuarios autenticados remotamente secuestrar credenciales temporalmente aprovechando el conocimiento sobre los detalles de los archivos de configuraci\u00f3n. Aka aka SPR KLYH8TNNDN."
}
],
"id": "CVE-2013-0487",
"lastModified": "2024-11-21T01:47:40.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-27T12:23:46.113",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81852"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-29 21:46
Modified
2024-11-21 00:38
Severity ?
Summary
The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.6 | |
| ibm | lotus_domino | 6.5.6 | |
| ibm | lotus_domino | 7.0 | |
| ibm | lotus_domino | 7.0.2 | |
| ibm | lotus_domino | 7.0.2 | |
| ibm | lotus_domino | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C709D66D-3AE7-48B7-9E27-5D1FE452643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp1:*:*:*:*:*",
"matchCriteriaId": "7B0B5F96-0762-45D3-B13E-1E4ED04AD69D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp2:*:*:*:*:*",
"matchCriteriaId": "DB1EA406-6488-46C0-B857-0BFFAA65B258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp3:*:*:*:*:*",
"matchCriteriaId": "D36E3D33-5A60-4846-BED2-8BF3AFC9BBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5AE863-C29F-4D32-8845-2D2426085071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.6:*:fp1:*:*:*:*:*",
"matchCriteriaId": "1DD8A9BA-5E05-47D8-9C15-60A49A3C3141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp1:*:*:*:*:*",
"matchCriteriaId": "4A7F62D7-8225-4B84-A3CE-B91616B5AAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp2:*:*:*:*:*",
"matchCriteriaId": "82718D37-02FA-4EA0-ABB6-167B5A0A2F0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information."
},
{
"lang": "es",
"value": "El m\u00e9todo Evaluate LotusScript de IBM Lotus Domino versiones anteriores a 7.0.3 utiliza un contexto de seguridad incorrecto para comandos de f\u00f3rumla @ en algunas circustancias, lo cual podr\u00eda permitir a usuarios remotos autenticados obtener privilegios y conseguir informaci\u00f3n confidencial. \r\n"
}
],
"id": "CVE-2007-5700",
"lastModified": "2024-11-21T00:38:29.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-29T21:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/40951"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27321"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21273266"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26176"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/40951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21273266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37369"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-22 17:55
Modified
2024-11-21 01:11
Severity ?
Summary
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_quickr | 8.1 | |
| ibm | lotus_domino | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83B3B388-0438-4806-9F21-2170428739DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en IBM Lotus Quickr v8.1 anterior a v8.1.0.11, servicios para Lotus Domino podr\u00eda permitir a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante el acceso a una entrada en un calendario, tambi\u00e9n conocido como SPR MZHA7SEBJX."
}
],
"id": "CVE-2009-5060",
"lastModified": "2024-11-21T01:11:05.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-22T17:55:01.173",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-08 22:00
Modified
2024-11-21 01:25
Severity ?
Summary
Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en nLDAP.exe en IBM Lotus Domino permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una operaci\u00f3n \"LDAP Bind\", tambi\u00e9n conocido como SPR KLYH87LMVX."
}
],
"id": "CVE-2011-0917",
"lastModified": "2024-11-21T01:25:09.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-08T22:00:02.743",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43224"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/16190/"
},
{
"source": "cve@mitre.org",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=23\u0026Itemid=23"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-047/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/16190/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=23\u0026Itemid=23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-047/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-20 16:30
Modified
2024-11-21 01:12
Severity ?
Summary
Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 7.0 | |
| ibm | lotus_domino | 8.5.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el servidor IBM Lotus Domino v7 y v8.5 FP1 permite a atacantes remotos producir una denegaci\u00f3n de servicio (salida del demonio) y posiblemente obtener un impacto desconocido a trav\u00e9s de una cadena larga en un mensaje LDAP manipulado hacia un puerto TCP, una vulnerabilidad diferente de CVE-2009-3087."
}
],
"id": "CVE-2010-0358",
"lastModified": "2024-11-21T01:12:03.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-20T16:30:00.493",
"references": [
{
"source": "cve@mitre.org",
"url": "http://intevydis.blogspot.com/2010/01/lotus-domino-7-probably-8-ldap-heap.html"
},
{
"source": "cve@mitre.org",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://intevydis.blogspot.com/2010/01/lotus-domino-7-probably-8-ldap-heap.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023456"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-12-27 11:55
Modified
2024-11-21 01:26
Severity ?
Summary
Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Notes RPC packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | * | |
| ibm | lotus_domino | 8.0 | |
| ibm | lotus_domino | 8.0.1 | |
| ibm | lotus_domino | 8.0.2 | |
| ibm | lotus_domino | 8.0.2.1 | |
| ibm | lotus_domino | 8.0.2.2 | |
| ibm | lotus_domino | 8.0.2.3 | |
| ibm | lotus_domino | 8.0.2.4 | |
| ibm | lotus_domino | 8.0.2.5 | |
| ibm | lotus_domino | 8.0.2.6 | |
| ibm | lotus_domino | 8.0.5 | |
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:fp3:*:*:*:*:*:*",
"matchCriteriaId": "EA456F3C-4ADD-4CCB-AF32-65619A3CDB7C",
"versionEndIncluding": "8.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3DB9C3-4DAC-4663-9097-95600E13FCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8510F6-D054-488E-99E9-A58272C47AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15DB2AF7-B494-4494-8686-33CB6A4C2CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A3A3-6D6C-4EE0-B092-862DB03AC320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2A467B-72FA-4280-A397-BC9D86D5B012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FDC12D-2B2F-4967-8863-95A0F5AC2F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E99A0A69-D443-469D-BDAB-F0250420C128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "795C08AC-CF7C-4012-BCF0-47C6779603E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Notes RPC packet."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en la funcionalidad de autenticaci\u00f3n en el servidor de IBM Lotus Domino 8.x anteriores a 8.5.2 FP4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un paquete RPC Notes modificado."
}
],
"id": "CVE-2011-1393",
"lastModified": "2024-11-21T01:26:12.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-12-27T11:55:06.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47331"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21575247"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/77990"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21575247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/77990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71805"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-08 22:00
Modified
2024-11-21 01:25
Severity ?
Summary
Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, aka SPR KLYH889M8H.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, aka SPR KLYH889M8H."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el servicio SMTP en IBM Lotus Domino, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de largos argumentos en un par\u00e1metro de nombre de archivo con un mensaje de correo electr\u00f3nico MIME mal formado."
}
],
"id": "CVE-2011-0916",
"lastModified": "2024-11-21T01:25:09.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-08T22:00:02.667",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43247"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-049/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-049/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-29 21:19
Modified
2024-11-21 00:16
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.0 | |
| ibm | lotus_domino | 6.5.1 | |
| ibm | lotus_domino | 6.5.2 | |
| ibm | lotus_domino | 6.5.3 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 7.0 | |
| ibm | lotus_domino | 7.0.1 | |
| ibm | lotus_domino | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0766C3F9-D2A2-4A58-9FF7-11B57232DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A95404CC-47B8-40C6-BCED-FC3E68CA8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F342FD1-7A60-4E7D-B56A-E1C3D560C728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp1:*:*:*:*:*",
"matchCriteriaId": "99E2CC18-4049-470A-B6DB-580C65FED0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp2:*:*:*:*:*",
"matchCriteriaId": "2396543F-1507-493C-B57F-3082D6E68894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C709D66D-3AE7-48B7-9E27-5D1FE452643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp1:*:*:*:*:*",
"matchCriteriaId": "7B0B5F96-0762-45D3-B13E-1E4ED04AD69D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp2:*:*:*:*:*",
"matchCriteriaId": "DB1EA406-6488-46C0-B857-0BFFAA65B258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A7AF44-125F-4760-8370-34B7B4CB8753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified \"code sequences\" that bypass the protection scheme."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad Active Content Filter de IBM Lotus Domino anterior a 6.5.6 y 7.x anterior a 7.0.2 FP1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante \"secuencias de c\u00f3digo\" no especificadas que evitan el esquema de protecci\u00f3n."
}
],
"id": "CVE-2006-4843",
"lastModified": "2024-11-21T00:16:52.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-03-29T21:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=493"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24633"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257026"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23173"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017824"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1133"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33280"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-08 22:00
Modified
2024-11-21 01:25
Severity ?
Summary
Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes calendar (aka iCalendar or iCal) meeting request, aka SPR KLYH87LL23.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E1BDAF-D628-4797-AC6F-5D3D6422A218",
"versionEndIncluding": "8.5.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51C33E15-C92F-4F22-9593-EFFE9F033730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C91500D-E91E-4776-9F51-34E7EBB8F031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5441972-4038-4845-9B35-EF35C0053EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3264F8E8-C40A-4C5C-BF2C-BD4690FE7EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9513C4-3F02-4C32-AD91-C4A5941A5A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E570AFE6-CEAF-4F6F-81D3-CFFAAA8D5109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6B527E-B1FE-41A3-A274-7BE2E893E6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92B419CE-813B-42AA-9E06-2059F7DEE669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "197E7E1C-D545-46FB-890F-B92AB9DA2B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "986B8670-2341-474D-8477-47627DF1ED02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "908E6F9A-FCE7-48C2-A307-057536944313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*",
"matchCriteriaId": "400521B9-F617-44A5-AF59-3D8DAE78067A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "00D21AF1-5802-41DA-8812-43B251D55CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "78DCE051-78E2-4F35-9598-98C19110ECE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A80A1E8B-43C8-449F-9B16-01F30D23E3D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E9D813-6EDD-48A0-9A2D-E08207F25AB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E352F-35C5-4C9A-9B3D-C8C6FC128B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.9a:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2A846C-20EC-41A6-BF4C-8FB84C45CEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0761E0-E899-413E-97CF-23BDA9395B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8471D114-204C-4B44-B0BE-C86226D8A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9989FEB-3B5E-40FF-BDBF-CFC835BCF93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B2AFF7-3921-402A-AE7A-BB9E2E8AA0A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2974F32F-19F1-42E5-AB4C-59ACC6D07ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BF6EB6-8A21-4FFD-A15F-797824D0F515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A0BACA-DD1E-44AB-BF02-1F0DB179FF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1320064-F0E9-42C8-8E1C-9037684FA693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "636FC0B6-8C7B-416E-9343-B6712C93D036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FD364F0-EE5B-4082-AD87-C9769F492E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2_cf2:*:*:*:*:*:*:*",
"matchCriteriaId": "64AB8494-6BC9-43CB-A645-43944B03D10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06DBE88F-F765-448E-88AF-3ED9FB98181A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE30DC2C-35E9-4E4E-A8FF-2A31CF28B6DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9EE627-6072-4359-981B-0168F7D44B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53D6F4E6-2C8A-40B6-9DB9-38E15D2AFEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0766C3F9-D2A2-4A58-9FF7-11B57232DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D139E5E3-F66C-4184-9C4F-B06391147130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A95404CC-47B8-40C6-BCED-FC3E68CA8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B39B06CE-E38C-469B-8E24-87B26F3BEB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F342FD1-7A60-4E7D-B56A-E1C3D560C728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBB2FBE-9A0A-49C9-A281-4D053513016B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1B84127-574D-4C12-8823-787B1BBBAEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C7708DE5-A3C2-4024-B5AE-FC9DE963935F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C709D66D-3AE7-48B7-9E27-5D1FE452643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5AE863-C29F-4D32-8845-2D2426085071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A7AF44-125F-4760-8370-34B7B4CB8753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48E4A116-4FEF-4EAF-B4C4-F6096853F791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63DD600E-2405-4954-B4EC-218ED0CF2492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42C54057-4166-476B-A184-CD3F4844D0D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A0224534-201F-428A-A2D8-2C957BF57149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A946E7EE-769E-4676-AA7A-97CDD9168A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA31957-2452-4992-8DDA-7DDAAD09EC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B5F961-7652-4967-BEEF-22F09484CDD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23E14D9F-97E1-4DFA-994F-DF7F118BFFA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09BFA8E-8F0F-4517-9F6A-B1097902324F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8510F6-D054-488E-99E9-A58272C47AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15DB2AF7-B494-4494-8686-33CB6A4C2CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A3A3-6D6C-4EE0-B092-862DB03AC320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2A467B-72FA-4280-A397-BC9D86D5B012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FDC12D-2B2F-4967-8863-95A0F5AC2F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E99A0A69-D443-469D-BDAB-F0250420C128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05403BDA-56C0-465B-9669-19794DC7A7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes calendar (aka iCalendar or iCal) meeting request, aka SPR KLYH87LL23."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en nrouter.exe en IBM Lotus Domino v8.5.3 y anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro de nombre largo en el encabezado Content-Type de convocatoria de reuni\u00f3n de calendario de Notes (tambi\u00e9n conocido como iCalendar o iCal con formato incorrecto), tambi\u00e9n conocido como SPR KLYH87LL23."
}
],
"id": "CVE-2011-0915",
"lastModified": "2024-11-21T01:25:09.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-08T22:00:02.587",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43208"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/516245/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-048/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516245/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-048/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:42
Severity ?
Summary
Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 5.0.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A80A1E8B-43C8-449F-9B16-01F30D23E3D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks."
}
],
"id": "CVE-2002-2014",
"lastModified": "2024-11-20T23:42:40.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0373.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0258.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8038.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0373.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0258.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8038.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3991"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-21 14:22
Modified
2024-11-21 01:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9ARMFA.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 | |
| ibm | lotus_domino | 8.5.3.3 | |
| ibm | lotus_domino | 8.5.3.4 | |
| ibm | lotus_domino | 8.5.3.5 | |
| ibm | lotus_domino | 9.0.0.0 | |
| ibm | lotus_inotes | 8.5.3.0 | |
| ibm | lotus_inotes | 8.5.3.1 | |
| ibm | lotus_inotes | 8.5.3.2 | |
| ibm | lotus_inotes | 8.5.3.3 | |
| ibm | lotus_inotes | 8.5.3.4 | |
| ibm | lotus_inotes | 8.5.3.5 | |
| ibm | lotus_inotes | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A8676-B2CA-49FF-A43E-EAC62170BF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71ADC0C5-36E9-426E-B302-56804B1800BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "24863689-9472-4C56-B3A8-3053494437C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76D0D493-1BFD-4054-BDB0-F338BFAFDC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F088F719-F4BE-4B49-B022-96D43664155B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F797B7-C3EA-4A12-8D69-217FBD4B9EB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCA4DA1-302C-42AD-9317-DC733A17696B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B102407C-3CCE-45A5-A3A2-9C24D5F4866A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "577AA3FA-31BA-429C-8CE6-B3776F5CF857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9B79C2F-8633-47A2-ADB5-FEB0EEB10B90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9ARMFA."
},
{
"lang": "es",
"value": "Vulnerabilidad cross-site scripting (XSS) en iNotes de IBM Domino 8.5.x anteriores a 8.5.3 FP6 y 9.0.x anteriores a 9.0.1, cuando el modo ultra-light est\u00e1 activado, permite a usuarios remotos autenticados inyectar script web o HTML a trav\u00e9s de vectores no especificados, tambien conocido como SPR PTHN9ARMFA."
}
],
"id": "CVE-2013-4064",
"lastModified": "2024-11-21T01:54:48.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-21T14:22:56.753",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86595"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-22 17:55
Modified
2024-11-21 01:11
Severity ?
Summary
IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_quickr | 8.1 | |
| ibm | lotus_domino | * | |
| ibm | aix | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83B3B388-0438-4806-9F21-2170428739DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9."
},
{
"lang": "es",
"value": "UsIBM Lotus Quickr 8.1 anteriores a la versi\u00f3n 8.1.0.15 services para Lotus Domino en AIX permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante la suscripci\u00f3n de un feed Atom. Tambi\u00e9n conocido como SPR JRIE7VKMP9."
}
],
"id": "CVE-2009-5062",
"lastModified": "2024-11-21T01:11:06.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-22T17:55:01.207",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-19 12:02
Modified
2024-11-21 01:30
Severity ?
Summary
Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05403BDA-56C0-465B-9669-19794DC7A7D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n NSFComputeEvaluateExt en Nnotes.dll en IBM Lotus Domino v8.5.2 permite a usuarios autenticados remotamente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro largo tHPRAgentName en acci\u00f3n OpenForm fmHttpPostRequest a WebAdmin.nsf."
}
],
"id": "CVE-2011-3575",
"lastModified": "2024-11-21T01:30:46.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-19T12:02:57.323",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.research.reversingcode.com/exploits/IBMLotusDomino_StackOverflowPoC"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/49705"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.research.reversingcode.com/exploits/IBMLotusDomino_StackOverflowPoC"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.research.reversingcode.com/index.php/advisories/73-ibm-ssd-1012211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69802"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-10 15:23
Modified
2024-11-21 00:53
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus:*:8.1.0.1:*:*:*:*:*:*",
"matchCriteriaId": "590D5871-EB1A-41F1-8F14-1D179BFB35FB",
"versionEndIncluding": "quickr",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus:quickr:8.1:*:*:*:*:*:*",
"matchCriteriaId": "1D4EDB39-5BF2-44DF-9E1B-341B7117643E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to qpconfig_sample.xml, aka SPR CWIR7KMPVP and THES7F9NVR, a different vulnerability than CVE-2008-2163 and CVE-2008-3860."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Lotus Connections v2.x anterior a v2.0.1 de IBM Lotus Quickr v8.1 anteriores a v8.1.0.2, servicios para Lotus Domino, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores no especificados, posiblemente relativo a qpconfig_sample.xml, (tambi\u00e9n conocido como) SPR CWIR7KMPVP y THES7F9NVR, es una vulnerabilidad diferente a CVE-2008-2163 y CVE-2008-3860."
}
],
"id": "CVE-2008-5011",
"lastModified": "2024-11-21T00:53:04.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-10T15:23:24.517",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/49777"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/49778"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32574"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32212"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3081"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/49777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/49778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46463"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-11 00:55
Modified
2024-11-21 01:43
Severity ?
Summary
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoder defineClass() method."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18BA3404-DE06-43A3-8319-31ECA80A8B8B",
"versionEndIncluding": "1.4.2.13.13",
"versionStartIncluding": "1.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEA3D56-2995-42F6-9306-84B9E24AD317",
"versionEndIncluding": "5.0.14.0",
"versionStartIncluding": "5.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A59F289-2472-46F7-AD4B-24D9CE59807F",
"versionEndIncluding": "6.0.11.0",
"versionStartIncluding": "6.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABE8021-3E50-4DBF-991F-59BDD301389E",
"versionEndIncluding": "7.0.2.0",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3DB9C3-4DAC-4663-9097-95600E13FCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8510F6-D054-488E-99E9-A58272C47AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15DB2AF7-B494-4494-8686-33CB6A4C2CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A3A3-6D6C-4EE0-B092-862DB03AC320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2A467B-72FA-4280-A397-BC9D86D5B012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "692E295E-E650-42D5-AF7A-D6276C3D76E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E25625-8570-4744-A2A2-4A4FB4D8AC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50660BA1-A24A-4DBF-AB59-1CF04FA54120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5759CBCB-7B3F-462A-B51A-FD2C6B13CCE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69A79FA5-83FB-4067-B2A6-17EAF3947998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17815F4E-BB34-40D2-A3EE-3C7741940D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE79982-9E92-498A-B961-55CB1D2D104F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6814E3F-479C-4F56-BF66-C685E60CCA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9EF5DE-4432-4099-AD59-CDD52E387BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A1013797-0442-46A7-A94F-354388BA6B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC228A3-1878-4A9F-8664-F4DFF77BF74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0119A252-73B1-490F-9371-06E8FDB8B979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57D24791-E798-4B08-A051-E880DEFB8268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2758590C-67FD-4DD6-84C1-0D32264BBE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC083C-B25E-427F-B722-B5ABD4F072F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0CF8A5-BC24-4204-BC06-2E1E2FB60E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA723DB-62C5-4C84-B0BA-5313FDA49D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "92F08B96-D43E-407E-839C-4C3C5BB58B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E50C779-C780-45FB-BC77-B9717389D2EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "867779A4-A7A5-48AD-9AC0-C6476719A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7B7544-D60C-4B9A-BC29-B30AD86EC9B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D475EF5-DBB3-4B98-BB07-83A2632B5E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F797A209-65C0-4A20-9DA2-C5576C091DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B01BCFA-13B4-4AB3-9558-4B704F6DCFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D027E003-84C9-4290-A032-649C5E66B23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D9A13AC-B552-4E86-9E5D-62354D78E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5CDBCB-F314-453B-B837-B03B53215748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A92849F-05E0-47DB-AB43-8AC559568D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2BAE23EA-8576-4B4E-A6ED-91EB30E3FB6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80407:*:*:*:*:*:*:*",
"matchCriteriaId": "EB384FC6-D343-40F1-B9D3-480217EB97D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80822:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4D8B5E-8172-4FC2-9F4F-6FB5D989DE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_sametime:8.5.1.20100709-1631:*:*:*:advanced_embedded:*:*:*",
"matchCriteriaId": "62A619D0-A250-41F7-8BC3-37B1507AF37C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F9782A-17B1-4258-8B03-483328EFB01D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27E40AA1-CF34-4757-8EE1-873A5B199496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3997E3C6-1822-4DBB-A6E1-B46F4E0CF3B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35746885-CB26-4527-AB17-BBEF37A33F70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE0191C-D6EF-486A-B497-9692D2892DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3021AA-7337-46B2-AECE-D4C93C032578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "29746507-F154-4216-B560-1D9243D5FF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80E42A69-B549-4904-AC5C-E2053CB38450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2285A0-B3E7-4D41-9D06-796485D39B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D4D6C6-656D-433F-973B-7C0F7FD09428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC57196-D703-407C-9883-58C31C6C4C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D25E5860-083C-4D43-945C-AB068BFF624B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E41ECC63-45B0-4011-8906-FF4DC825DA50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB76CF67-767D-4A30-BB3F-2F44D80BC609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "521A5B6F-D214-4181-915B-CE1AF1F90397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "87F9AF9E-E7EA-44DF-AD03-0D28CC105EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AD723C24-48AA-480F-93A5-064F9D4D75F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCFCA2C-1594-4FE3-BE4D-B9407A1BC1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "323418E3-6CDF-4E84-8D3C-324BFE95DD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F08AFD22-F720-4683-9444-012722E5E979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:1.6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B9114377-B995-419A-A566-4CFD06715298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:8.0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAFD73FB-2F37-4B0D-A967-B6DD8500A273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:9.0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0D1AE7-63C6-4E66-90EB-9FB1ED71FC22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:10.0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16CAC644-C915-46BF-88C3-6792304B7CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:10.0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B4EA6D-BA41-4170-B4EC-6850ACA98344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39AD3F53-55F2-451D-8A56-9B7B96F19AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABC05-561E-43D7-B408-BED36676C6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF30EFD9-12DD-4D2E-A087-66C008CF4338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F20944-2611-41DC-8470-F267EA09A66F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16A57406-18F3-4F9E-A6C1-72DB1B0D0F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDC30B5-78D0-4F0F-9F85-96B85026F33F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:service_delivery_manager:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5888AC-B251-4DE4-95E8-56385429343E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:service_delivery_manager:7.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA27B37-E411-496D-B23B-C8F8B9F95239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smart_analytics_system_5600_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A24824E-7091-41EA-A994-67DB0BAFF592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smart_analytics_system_5600_software:9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04EBD9-A8CD-498E-9724-848BBF4C13FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE417DBB-F699-4B0C-93E4-F2A96E60A42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "503B5597-B95E-4F8F-BCB6-B303D378F5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2289E7D5-2915-42D3-BE86-FF63BF507251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45864079-DC1E-42F6-B9D4-36E1A46DE093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39A65FE7-7745-4D94-A22C-D0C7CF1C339A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB4F6B1-F1A1-40A3-9EB6-36CBDCF5FD55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13DB3D7D-0D80-4B7E-B516-D4AE2AE3FC48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11F1528F-BE73-4B03-BFA5-B1F96099F3F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8B5726-CDA8-4BDE-B2A6-AE308959A862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6233ED9B-760D-4218-A25B-DF67D703D9EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "350B304F-4ED0-4A91-A901-77A149DE2481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "50A2D35D-4170-4DD7-9AD3-39F23D432289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15E20435-C3A0-4A57-B82A-595A48BB0991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33A34B3F-710C-42A8-B791-DA624B23E36D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5010AB5-0932-4F05-9D6A-9D4C49151E83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7299B1C8-7BC2-4F42-B19E-4D0D2E599D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC98EF0-EDCA-47D8-A4CE-083E3AA0376C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6522CFEE-4368-4596-8DB9-18247AB19C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E386E16-9F8F-4444-A190-EF964CA339F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AC24B012-A887-4A3F-A32C-80435C64BC10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B310DC-21E5-4A0D-A3D6-B0FD21C6C4F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "499FAEEF-0533-44FE-8249-AE40C6233E06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1E8B4310-F5D2-4448-89C1-E6D656351E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88380637-715A-49CB-A9B6-0F8411225E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3AF6714-0D55-4C81-B354-F3875ACE4388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94A90709-74AD-4C1B-806C-E7E335A3A773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E17308E6-B755-434F-8D2B-E5BBA37BA1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_remote_control:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3BFA6A7-DA21-4DB1-829E-6CBF15AE19B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_real_time:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2487821D-BB7A-4574-A98B-B37604CD4654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_real_time:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CB9D0F-DCAB-484D-ACA8-64772659EE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tivoli_storage_productivity_center:5.0:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E541FE5B-2147-4340-85BE-C6A23E64F343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tivoli_storage_productivity_center:5.1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EFAA15-C456-45A5-8B60-5CCF0CF0029B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tivoli_storage_productivity_center:5.1.1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B783E88-2CDB-47B9-8F2F-126E60EA42CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:smart_analytics_system_5600:7200:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9B9B97-8A48-4202-A48B-092585DDE4F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to \"insecure use of the java.lang.ClassLoder defineClass() method.\""
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en el componente JRE de IBM Java 7 SR2 y anteriores, SR3 Java v6.0.1 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores, tal y como se utiliza en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes y Domino, Tivoli Storage Productivity Center y Service Deliver Manager y otros productos de otros fabricantes tales como Red Hat, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores relacionados con el \"uso inseguro del m\u00e9todo defineClass java.lang.ClassLoder().\"\r\n"
}
],
"id": "CVE-2012-4823",
"lastModified": "2024-11-21T01:43:34.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-01-11T00:55:01.150",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51326"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51327"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51634"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29687"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78767"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-28 22:19
Modified
2024-11-21 00:29
Severity ?
Summary
Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 7.0 | |
| ibm | lotus_domino | 7.0.1 | |
| ibm | lotus_domino | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A7AF44-125F-4760-8370-34B7B4CB8753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el servidor LDAP en IBM Lotus Domino versiones anteriores a 6.5.6 y 7.x versiones anteriores a 7.0.2 FP1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante una petici\u00f3n DN larga y malformada, que provoca que solamente los 16bits menos significativos de la longitud de la cadena se usen para alojamiento de memoria."
}
],
"id": "CVE-2007-1739",
"lastModified": "2024-11-21T00:29:03.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-28T22:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=494"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24633"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257248"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/927988"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23173"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23174"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017825"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1133"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/927988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33278"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-05 17:30
Modified
2024-11-21 01:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 7.0 | |
| ibm | lotus_domino | 7.0.1 | |
| ibm | lotus_domino | 7.0.1.1 | |
| ibm | lotus_domino | 7.0.2 | |
| ibm | lotus_domino | 7.0.2.1 | |
| ibm | lotus_domino | 7.0.2.2 | |
| ibm | lotus_domino | 7.0.2.3 | |
| ibm | lotus_domino | 7.0.3 | |
| ibm | lotus_domino | 7.0.3.1 | |
| ibm | lotus_domino | 8.0 | |
| ibm | lotus_domino | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A7AF44-125F-4760-8370-34B7B4CB8753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48E4A116-4FEF-4EAF-B4C4-F6096853F791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63DD600E-2405-4954-B4EC-218ED0CF2492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42C54057-4166-476B-A184-CD3F4844D0D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A0224534-201F-428A-A2D8-2C957BF57149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A946E7EE-769E-4676-AA7A-97CDD9168A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA31957-2452-4992-8DDA-7DDAAD09EC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3DB9C3-4DAC-4663-9097-95600E13FCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8510F6-D054-488E-99E9-A58272C47AA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en help/readme.nsf/Header en the Help component en IBM Lotus Domino v7.x anteriores a v7.0.4 y v8.x anteriores a v8.0.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a trav\u00e9s del par\u00e1metro \"BaseTarget\" en una acci\u00f3n OpenPage. NOTA: Esta vulnerabilidad se solapa con CVE-2010-0920."
}
],
"id": "CVE-2010-0927",
"lastModified": "2024-11-21T01:13:13.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-05T17:30:00.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Advisory_2010_0301_IBM_%20Lotus_Dominio_Readme_nsf_Reflected_XSS.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/38481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.cybsec.com/vuln/CYBSEC_Advisory_2010_0301_IBM_%20Lotus_Dominio_Readme_nsf_Reflected_XSS.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/38481"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-22 22:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en iNotes en IBM Domino 8.5.3 anterior a FP5 IF2 y 9.0 anterior a IF5 permite a atacantes remotos inyectar script web arbitrario o HTML a trav\u00e9s de vectores sin especificar, aka SPR PTHN9AYK5F."
}
],
"id": "CVE-2013-5388",
"lastModified": "2024-11-21T01:57:23.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-22T22:55:07.300",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653149"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21653149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87123"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-24 23:55
Modified
2024-11-21 01:26
Severity ?
Summary
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | sourceone_email_management | * | |
| emc | sourceone_email_management | 6.5.2.3668 | |
| microsoft | exchange | * | |
| emc | sourceone_email_management | * | |
| emc | sourceone_email_management | 6.5.2.3668 | |
| ibm | lotus_domino | * | |
| ibm | lotus_notes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:sourceone_email_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04A21052-75B2-4345-962D-A50D39EBB274",
"versionEndIncluding": "6.6.0.1209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:sourceone_email_management:6.5.2.3668:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCD8519-FCF2-45C5-9026-AAD064DAFF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "994A442C-6440-4132-A19E-3717618715BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:sourceone_email_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04A21052-75B2-4345-962D-A50D39EBB274",
"versionEndIncluding": "6.6.0.1209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:sourceone_email_management:6.5.2.3668:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCD8519-FCF2-45C5-9026-AAD064DAFF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99CADAC9-376A-430B-B228-84F0FA401154",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of ExShortcut\\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto de ExShortcut\\Web.config en EMC SourceOne Email Management anteriores a v6.6 Service Pack 1, cuando se utiliza el componente Mobile Services, no fija de forma adecuada el atributo localOnly de la traza del elemento, lo que permite a usuarios remotos autenticados a obtener informaci\u00f3n sensible a trav\u00e9s de la aplicaci\u00f3n ASP.NET Application Tracing."
}
],
"id": "CVE-2011-1424",
"lastModified": "2024-11-21T01:26:16.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-24T23:55:02.777",
"references": [
{
"source": "security_alert@emc.com",
"url": "http://securityreason.com/securityalert/8258"
},
{
"source": "security_alert@emc.com",
"url": "http://www.securityfocus.com/archive/1/518003/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/518003/100/0/threaded"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.0 | |
| ibm | lotus_domino | 6.0.1 | |
| ibm | lotus_domino | 6.0.2 | |
| ibm | lotus_domino | 6.0.2_cf2 | |
| ibm | lotus_domino | 6.0.3 | |
| ibm | lotus_domino | 6.5.0 | |
| ibm | lotus_domino | 6.5.1 | |
| ibm | lotus_domino | 6.5.2 | |
| ibm | lotus_domino | 6.5.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9989FEB-3B5E-40FF-BDBF-CFC835BCF93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B2AFF7-3921-402A-AE7A-BB9E2E8AA0A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1320064-F0E9-42C8-8E1C-9037684FA693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2_cf2:*:*:*:*:*:*:*",
"matchCriteriaId": "64AB8494-6BC9-43CB-A645-43944B03D10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06DBE88F-F765-448E-88AF-3ED9FB98181A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0766C3F9-D2A2-4A58-9FF7-11B57232DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A95404CC-47B8-40C6-BCED-FC3E68CA8D8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC)."
}
],
"id": "CVE-2005-1441",
"lastModified": "2024-11-20T23:57:21.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/14879"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013842"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21202525"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/15366"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13446"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/14879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21202525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/15366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20043"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-16 01:28
Modified
2024-11-21 00:27
Severity ?
Summary
IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 5.0 | |
| ibm | lotus_domino | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3264F8E8-C40A-4C5C-BF2C-BD4690FE7EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9989FEB-3B5E-40FF-BDBF-CFC835BCF93B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus Domino R5 and R6 WebMail, with \"Generate HTML for all fields\" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428."
},
{
"lang": "es",
"value": "IBM Lotus Domino R5 y R6 WebMail, con \"Generar HTML para todos los campos\" habilitado, almacena tablas hash HTTPPassword de names.nsf de una manera accesible a trav\u00e9s de peticiones Readviewentries y OpenDocument a la vista defaultview, vector distinto a CVE-2005-2428."
}
],
"evaluatorImpact": "\"Generate HTML for all fields\" must be enabled for successful exploitation.",
"id": "CVE-2007-0977",
"lastModified": "2024-11-21T00:27:12.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-16T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35764"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/3302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/3302"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 5.0 | |
| ibm | lotus_domino | 5.0.1 | |
| ibm | lotus_domino | 5.0.2 | |
| ibm | lotus_domino | 5.0.3 | |
| ibm | lotus_domino | 5.0.4 | |
| ibm | lotus_domino | 5.0.5 | |
| ibm | lotus_domino | 5.0.6 | |
| ibm | lotus_domino | 5.0.7 | |
| ibm | lotus_domino | 5.0.7a | |
| ibm | lotus_domino | 5.0.8 | |
| ibm | lotus_domino | 5.0.9 | |
| ibm | lotus_domino_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3264F8E8-C40A-4C5C-BF2C-BD4690FE7EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9513C4-3F02-4C32-AD91-C4A5941A5A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E570AFE6-CEAF-4F6F-81D3-CFFAAA8D5109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6B527E-B1FE-41A3-A274-7BE2E893E6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.4:*:solaris:*:*:*:*:*",
"matchCriteriaId": "1D2DC637-4AEA-412D-A2B2-723C4ED21C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "986B8670-2341-474D-8477-47627DF1ED02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "908E6F9A-FCE7-48C2-A307-057536944313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.7:*:solaris:*:*:*:*:*",
"matchCriteriaId": "10D90491-68DD-44FA-9B5A-81CF19896F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "78DCE051-78E2-4F35-9598-98C19110ECE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A80A1E8B-43C8-449F-9B16-01F30D23E3D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E352F-35C5-4C9A-9B3D-C8C6FC128B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3698BF6-D4A1-4247-9CB6-4259F2CE6F85",
"versionEndIncluding": "5.0.9a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of \"+\" characters before the .nsf file extension, which are converted to spaces by Domino."
}
],
"id": "CVE-2001-1567",
"lastModified": "2024-11-20T23:38:00.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101284222932568\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101285903120879\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101286525008089\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8072.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.nextgenss.com/papers/hpldws.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101284222932568\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101285903120879\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101286525008089\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8072.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.nextgenss.com/papers/hpldws.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4022"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog."
}
],
"id": "CVE-2004-2311",
"lastModified": "2024-11-20T23:53:01.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11143"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/9900"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/9900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15504"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-11 00:55
Modified
2024-11-21 01:43
Severity ?
Summary
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18BA3404-DE06-43A3-8319-31ECA80A8B8B",
"versionEndIncluding": "1.4.2.13.13",
"versionStartIncluding": "1.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEA3D56-2995-42F6-9306-84B9E24AD317",
"versionEndIncluding": "5.0.14.0",
"versionStartIncluding": "5.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A59F289-2472-46F7-AD4B-24D9CE59807F",
"versionEndIncluding": "6.0.11.0",
"versionStartIncluding": "6.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABE8021-3E50-4DBF-991F-59BDD301389E",
"versionEndIncluding": "7.0.2.0",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3DB9C3-4DAC-4663-9097-95600E13FCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8510F6-D054-488E-99E9-A58272C47AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15DB2AF7-B494-4494-8686-33CB6A4C2CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A3A3-6D6C-4EE0-B092-862DB03AC320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2A467B-72FA-4280-A397-BC9D86D5B012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "692E295E-E650-42D5-AF7A-D6276C3D76E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E25625-8570-4744-A2A2-4A4FB4D8AC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50660BA1-A24A-4DBF-AB59-1CF04FA54120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5759CBCB-7B3F-462A-B51A-FD2C6B13CCE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69A79FA5-83FB-4067-B2A6-17EAF3947998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17815F4E-BB34-40D2-A3EE-3C7741940D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE79982-9E92-498A-B961-55CB1D2D104F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6814E3F-479C-4F56-BF66-C685E60CCA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9EF5DE-4432-4099-AD59-CDD52E387BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A1013797-0442-46A7-A94F-354388BA6B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC228A3-1878-4A9F-8664-F4DFF77BF74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0119A252-73B1-490F-9371-06E8FDB8B979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57D24791-E798-4B08-A051-E880DEFB8268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2758590C-67FD-4DD6-84C1-0D32264BBE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC083C-B25E-427F-B722-B5ABD4F072F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0CF8A5-BC24-4204-BC06-2E1E2FB60E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA723DB-62C5-4C84-B0BA-5313FDA49D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "92F08B96-D43E-407E-839C-4C3C5BB58B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E50C779-C780-45FB-BC77-B9717389D2EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "867779A4-A7A5-48AD-9AC0-C6476719A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7B7544-D60C-4B9A-BC29-B30AD86EC9B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D475EF5-DBB3-4B98-BB07-83A2632B5E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F797A209-65C0-4A20-9DA2-C5576C091DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B01BCFA-13B4-4AB3-9558-4B704F6DCFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D027E003-84C9-4290-A032-649C5E66B23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D9A13AC-B552-4E86-9E5D-62354D78E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5CDBCB-F314-453B-B837-B03B53215748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A92849F-05E0-47DB-AB43-8AC559568D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2BAE23EA-8576-4B4E-A6ED-91EB30E3FB6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80407:*:*:*:*:*:*:*",
"matchCriteriaId": "EB384FC6-D343-40F1-B9D3-480217EB97D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80822:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4D8B5E-8172-4FC2-9F4F-6FB5D989DE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_sametime:8.5.1.20100709-1631:*:*:*:advanced_embedded:*:*:*",
"matchCriteriaId": "62A619D0-A250-41F7-8BC3-37B1507AF37C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F9782A-17B1-4258-8B03-483328EFB01D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27E40AA1-CF34-4757-8EE1-873A5B199496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3997E3C6-1822-4DBB-A6E1-B46F4E0CF3B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35746885-CB26-4527-AB17-BBEF37A33F70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE0191C-D6EF-486A-B497-9692D2892DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3021AA-7337-46B2-AECE-D4C93C032578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "29746507-F154-4216-B560-1D9243D5FF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80E42A69-B549-4904-AC5C-E2053CB38450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2285A0-B3E7-4D41-9D06-796485D39B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D4D6C6-656D-433F-973B-7C0F7FD09428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC57196-D703-407C-9883-58C31C6C4C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D25E5860-083C-4D43-945C-AB068BFF624B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E41ECC63-45B0-4011-8906-FF4DC825DA50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB76CF67-767D-4A30-BB3F-2F44D80BC609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "521A5B6F-D214-4181-915B-CE1AF1F90397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "87F9AF9E-E7EA-44DF-AD03-0D28CC105EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AD723C24-48AA-480F-93A5-064F9D4D75F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCFCA2C-1594-4FE3-BE4D-B9407A1BC1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "323418E3-6CDF-4E84-8D3C-324BFE95DD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F08AFD22-F720-4683-9444-012722E5E979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:1.6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B9114377-B995-419A-A566-4CFD06715298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:8.0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAFD73FB-2F37-4B0D-A967-B6DD8500A273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:9.0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0D1AE7-63C6-4E66-90EB-9FB1ED71FC22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:10.0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16CAC644-C915-46BF-88C3-6792304B7CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:10.0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B4EA6D-BA41-4170-B4EC-6850ACA98344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39AD3F53-55F2-451D-8A56-9B7B96F19AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABC05-561E-43D7-B408-BED36676C6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF30EFD9-12DD-4D2E-A087-66C008CF4338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F20944-2611-41DC-8470-F267EA09A66F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16A57406-18F3-4F9E-A6C1-72DB1B0D0F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDC30B5-78D0-4F0F-9F85-96B85026F33F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:service_delivery_manager:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5888AC-B251-4DE4-95E8-56385429343E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:service_delivery_manager:7.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA27B37-E411-496D-B23B-C8F8B9F95239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smart_analytics_system_5600_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A24824E-7091-41EA-A994-67DB0BAFF592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smart_analytics_system_5600_software:9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04EBD9-A8CD-498E-9724-848BBF4C13FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE417DBB-F699-4B0C-93E4-F2A96E60A42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "503B5597-B95E-4F8F-BCB6-B303D378F5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2289E7D5-2915-42D3-BE86-FF63BF507251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45864079-DC1E-42F6-B9D4-36E1A46DE093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39A65FE7-7745-4D94-A22C-D0C7CF1C339A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB4F6B1-F1A1-40A3-9EB6-36CBDCF5FD55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13DB3D7D-0D80-4B7E-B516-D4AE2AE3FC48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11F1528F-BE73-4B03-BFA5-B1F96099F3F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8B5726-CDA8-4BDE-B2A6-AE308959A862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6233ED9B-760D-4218-A25B-DF67D703D9EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "350B304F-4ED0-4A91-A901-77A149DE2481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "50A2D35D-4170-4DD7-9AD3-39F23D432289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15E20435-C3A0-4A57-B82A-595A48BB0991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33A34B3F-710C-42A8-B791-DA624B23E36D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5010AB5-0932-4F05-9D6A-9D4C49151E83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7299B1C8-7BC2-4F42-B19E-4D0D2E599D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC98EF0-EDCA-47D8-A4CE-083E3AA0376C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6522CFEE-4368-4596-8DB9-18247AB19C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E386E16-9F8F-4444-A190-EF964CA339F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AC24B012-A887-4A3F-A32C-80435C64BC10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B310DC-21E5-4A0D-A3D6-B0FD21C6C4F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "499FAEEF-0533-44FE-8249-AE40C6233E06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1E8B4310-F5D2-4448-89C1-E6D656351E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88380637-715A-49CB-A9B6-0F8411225E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3AF6714-0D55-4C81-B354-F3875ACE4388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94A90709-74AD-4C1B-806C-E7E335A3A773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E17308E6-B755-434F-8D2B-E5BBA37BA1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_remote_control:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3BFA6A7-DA21-4DB1-829E-6CBF15AE19B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_real_time:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2487821D-BB7A-4574-A98B-B37604CD4654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_real_time:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CB9D0F-DCAB-484D-ACA8-64772659EE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tivoli_storage_productivity_center:5.0:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E541FE5B-2147-4340-85BE-C6A23E64F343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tivoli_storage_productivity_center:5.1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EFAA15-C456-45A5-8B60-5CCF0CF0029B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tivoli_storage_productivity_center:5.1.1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B783E88-2CDB-47B9-8F2F-126E60EA42CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:smart_analytics_system_5600:7200:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9B9B97-8A48-4202-A48B-092585DDE4F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to \"insecure use [of] multiple methods in the java.lang.class class.\""
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, permite a atacantes remotos a ejecutar c\u00f3digoa trav\u00e9s de vectores relacionados con \"uso inseguro de uso [de] m\u00e9todos m\u00faltiples en la clase java.lang.class class.\""
}
],
"id": "CVE-2012-4822",
"lastModified": "2024-11-21T01:43:33.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-01-11T00:55:01.087",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51326"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51327"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51328"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51393"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51634"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29665"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78766"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-25 19:55
Modified
2024-11-21 01:26
Severity ?
Summary
The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command."
},
{
"lang": "es",
"value": "La configuraci\u00f3n por defecto de la consola del servidor de IBM Lotus Domino no requiere una contrase\u00f1a (Server_Console_Password), lo que permite realizar cambios administrativos u obtener informaci\u00f3n sensible a atacantes f\u00edsicamente pr\u00f3ximos a trav\u00e9s de un comando (1) Load, (2) Tell, o (3) Set para un fichero de configuraci\u00f3n."
}
],
"id": "CVE-2011-1520",
"lastModified": "2024-11-21T01:26:30.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-25T19:55:02.027",
"references": [
{
"source": "cve@mitre.org",
"url": "http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8164"
},
{
"source": "cve@mitre.org",
"url": "http://www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument"
},
{
"source": "cve@mitre.org",
"url": "http://www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/517119/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/517119/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-110"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-29 21:46
Modified
2024-11-21 00:38
Severity ?
Summary
Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.6 | |
| ibm | lotus_domino | 6.5.6 | |
| ibm | lotus_domino | 7.0 | |
| ibm | lotus_domino | 7.0.2 | |
| ibm | lotus_domino | 7.0.2 | |
| ibm | lotus_domino | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C709D66D-3AE7-48B7-9E27-5D1FE452643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp1:*:*:*:*:*",
"matchCriteriaId": "7B0B5F96-0762-45D3-B13E-1E4ED04AD69D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp2:*:*:*:*:*",
"matchCriteriaId": "DB1EA406-6488-46C0-B857-0BFFAA65B258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp3:*:*:*:*:*",
"matchCriteriaId": "D36E3D33-5A60-4846-BED2-8BF3AFC9BBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5AE863-C29F-4D32-8845-2D2426085071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.6:*:fp1:*:*:*:*:*",
"matchCriteriaId": "1DD8A9BA-5E05-47D8-9C15-60A49A3C3141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp1:*:*:*:*:*",
"matchCriteriaId": "4A7F62D7-8225-4B84-A3CE-B91616B5AAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp2:*:*:*:*:*",
"matchCriteriaId": "82718D37-02FA-4EA0-ABB6-167B5A0A2F0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a \"ca activate\" or \"ca unlock\" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel."
},
{
"lang": "es",
"value": "Vulnerabilidad de lista negra incompleta en la Autoridad de Certificaci\u00f3n (CA) de IBM Lotus Domino versiones anteriores a 7.0.3 permite a usuarios locales, o atacantes con acceso f\u00edsico, obtener informaci\u00f3n confidencial (contrase\u00f1as) cuando un administrador introduce un comando \"ca activate\" \u00f3 \"ca unlock\" con cualquier caracter may\u00fasuclas, lo cual evita una lista negra dise\u00f1ada para evitar autenticaci\u00f3n con contrase\u00f1a, provocando la visualizaci\u00f3n de la contrase\u00f1a en texto en claro por la consola de trazas y el panel de administraci\u00f3n."
}
],
"id": "CVE-2007-5701",
"lastModified": "2024-11-21T00:38:29.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-29T21:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/40952"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27321"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21261095"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26176"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/40952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21261095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37372"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-12 00:55
Modified
2024-11-21 02:07
Severity ?
Summary
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_notes | 8.5.3.0 | |
| ibm | lotus_notes | 9.0.1.0 | |
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 9.0.1.0 | |
| ibm | websphere_real_time | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1030B1-B276-4185-AC5F-5B7E35F847E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A53C163-AA20-4228-8BE4-58E22F742557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3B3D5F-EB63-4ABA-8A27-BD654422DA54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_real_time:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CB9D0F-DCAB-484D-ACA8-64772659EE6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en IBM Java Virtual Machine, utilizado en IBM WebSphere Real Time 3 anterior a Service Refresh 7 FP1 y otros productos, permite a atacantes remotos ganar privilegios mediante el aprovechamiento de la habilidad de ejecutar c\u00f3digo en el contexto de un gestor de seguridad."
}
],
"id": "CVE-2014-3086",
"lastModified": "2024-11-21T02:07:26.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-12T00:55:03.657",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/59680"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/60081"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/60317"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/60622"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/61577"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/61640"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV62634"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680333"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/69183"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV62634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94097"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-25 19:55
Modified
2024-11-21 01:26
Severity ?
Summary
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 7.0 | |
| ibm | lotus_domino | 7.0.1 | |
| ibm | lotus_domino | 7.0.1.1 | |
| ibm | lotus_domino | 7.0.2 | |
| ibm | lotus_domino | 7.0.2.1 | |
| ibm | lotus_domino | 7.0.2.2 | |
| ibm | lotus_domino | 7.0.2.3 | |
| ibm | lotus_domino | 7.0.3 | |
| ibm | lotus_domino | 7.0.3.1 | |
| ibm | lotus_domino | 7.0.4 | |
| ibm | lotus_domino | 7.0.4.1 | |
| ibm | lotus_domino | 7.0.4.2 | |
| ibm | lotus_domino | 8.0 | |
| ibm | lotus_domino | 8.0.1 | |
| ibm | lotus_domino | 8.0.2 | |
| ibm | lotus_domino | 8.0.2.1 | |
| ibm | lotus_domino | 8.0.2.2 | |
| ibm | lotus_domino | 8.0.2.3 | |
| ibm | lotus_domino | 8.0.2.4 | |
| ibm | lotus_domino | 8.0.2.5 | |
| ibm | lotus_domino | 8.0.2.6 | |
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A7AF44-125F-4760-8370-34B7B4CB8753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48E4A116-4FEF-4EAF-B4C4-F6096853F791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63DD600E-2405-4954-B4EC-218ED0CF2492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42C54057-4166-476B-A184-CD3F4844D0D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A0224534-201F-428A-A2D8-2C957BF57149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A946E7EE-769E-4676-AA7A-97CDD9168A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA31957-2452-4992-8DDA-7DDAAD09EC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B5F961-7652-4967-BEEF-22F09484CDD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23E14D9F-97E1-4DFA-994F-DF7F118BFFA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09BFA8E-8F0F-4517-9F6A-B1097902324F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3DB9C3-4DAC-4663-9097-95600E13FCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8510F6-D054-488E-99E9-A58272C47AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15DB2AF7-B494-4494-8686-33CB6A4C2CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A3A3-6D6C-4EE0-B092-862DB03AC320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2A467B-72FA-4280-A397-BC9D86D5B012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FDC12D-2B2F-4967-8863-95A0F5AC2F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E99A0A69-D443-469D-BDAB-F0250420C128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05403BDA-56C0-465B-9669-19794DC7A7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0240F4-91FB-471A-A6C5-62838323CC61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920."
},
{
"lang": "es",
"value": "La consola remota en el controlador del servidor de IBM Lotus Domino v7.x y v8.x comprueba las credenciales contra un archivo ubicado en una ruta de acceso compartido UNC especificada por el cliente, lo que permite a atacantes remotos evitar la autenticaci\u00f3n, y por lo tanto ejecutar c\u00f3digo arbitrario, mediante la colocaci\u00f3n de esta ruta en el campo COOKIEFILE. NOTA: esto puede superponerse al CVE-2011-0.920."
}
],
"id": "CVE-2011-1519",
"lastModified": "2024-11-21T01:26:30.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-25T19:55:01.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43860"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/8164"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1025241"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/517119/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/46985"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0758"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/8164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/517119/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-110"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-09 11:03
Modified
2024-11-21 00:05
Severity ?
Summary
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server. NOTE: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.0 | |
| ibm | lotus_domino | 6.5.1 | |
| ibm | lotus_domino | 6.5.2 | |
| ibm | lotus_domino | 6.5.3 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino_enterprise_server | 6.5.2 | |
| ibm | lotus_domino_enterprise_server | 6.5.4 | |
| ibm | lotus_notes | 6.5 | |
| ibm | lotus_notes | 6.5.1 | |
| ibm | lotus_notes | 6.5.2 | |
| ibm | lotus_notes | 6.5.3 | |
| ibm | lotus_notes | 6.5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0766C3F9-D2A2-4A58-9FF7-11B57232DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A95404CC-47B8-40C6-BCED-FC3E68CA8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F342FD1-7A60-4E7D-B56A-E1C3D560C728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp1:*:*:*:*:*",
"matchCriteriaId": "99E2CC18-4049-470A-B6DB-580C65FED0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp2:*:*:*:*:*",
"matchCriteriaId": "2396543F-1507-493C-B57F-3082D6E68894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40882B15-23A7-456C-B4DB-B1C7246BBC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3195CA-CB62-4AEF-AC8C-C985A372FD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D94927A9-61FD-459F-9A6D-E581A4AF505C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B32BA2-9EB7-4294-A857-226A5B1CC401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF64CA16-6C20-42E1-BA68-BD63A873BFA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "12D7DD7B-CA90-44A5-9B7B-4A4985150689",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to \"potential security issues\" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server. NOTE: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP)."
}
],
"id": "CVE-2006-0119",
"lastModified": "2024-11-21T00:05:41.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-09T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18328"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20855"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016390"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/94a77eb898843aca8525709200001de1?OpenDocument\u0026Highlight=0%2CJGAN6B6TZ3"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/9a1650d1a771f3078525702a00420def?OpenDocument\u0026Highlight=0%2CHSAO6BNL6Y"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/d1150fc9c5dec8b18525709200001da6?OpenDocument\u0026Highlight=0%2CGPKS6C9J67"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/de2ab57a5b9547848525701b00420c2c?OpenDocument\u0026Highlight=0%2CKSPR699NBP"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/e4deb1cbb011c747852570e4001ba9bb?OpenDocument\u0026Highlight=0%2CGPKS5YQGPT"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/f97fe7cfd9a8113b8525709200001db4?OpenDocument\u0026Highlight=0%2CGPKS6C9J67"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/438461/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18020"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0081"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2564"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24207"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24211"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/94a77eb898843aca8525709200001de1?OpenDocument\u0026Highlight=0%2CJGAN6B6TZ3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/9a1650d1a771f3078525702a00420def?OpenDocument\u0026Highlight=0%2CHSAO6BNL6Y"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/d1150fc9c5dec8b18525709200001da6?OpenDocument\u0026Highlight=0%2CGPKS6C9J67"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/de2ab57a5b9547848525701b00420c2c?OpenDocument\u0026Highlight=0%2CKSPR699NBP"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/e4deb1cbb011c747852570e4001ba9bb?OpenDocument\u0026Highlight=0%2CGPKS5YQGPT"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/f97fe7cfd9a8113b8525709200001db4?OpenDocument\u0026Highlight=0%2CGPKS6C9J67"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/438461/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27413"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-08 04:47
Modified
2024-11-21 01:54
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad CSRF en webadmin.nsf en Domino Web Administrator de IBM Domino 8.5 y 9.0 permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de v\u00edctimas sin especificar a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2013-4050",
"lastModified": "2024-11-21T01:54:47.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-11-08T04:47:22.837",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86433"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.0 | |
| ibm | lotus_domino | 6.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0766C3F9-D2A2-4A58-9FF7-11B57232DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command."
}
],
"id": "CVE-2004-0669",
"lastModified": "2024-11-20T23:49:07.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108869022708571\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10642"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108869022708571\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16575"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-03 19:30
Modified
2024-11-21 01:13
Severity ?
Summary
Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_inotes | * | |
| ibm | lotus_inotes | 229.011 | |
| ibm | lotus_inotes | 229.021 | |
| ibm | lotus_inotes | 229.031 | |
| ibm | lotus_inotes | 229.041 | |
| ibm | lotus_inotes | 229.051 | |
| ibm | lotus_inotes | 229.061 | |
| ibm | lotus_inotes | 229.101 | |
| ibm | lotus_inotes | 229.111 | |
| ibm | lotus_inotes | 229.131 | |
| ibm | lotus_inotes | 229.141 | |
| ibm | lotus_inotes | 229.151 | |
| ibm | lotus_inotes | 229.161 | |
| ibm | lotus_inotes | 229.171 | |
| ibm | lotus_inotes | 229.181 | |
| ibm | lotus_inotes | 229.191 | |
| ibm | lotus_inotes | 229.201 | |
| ibm | lotus_inotes | 229.211 | |
| ibm | lotus_inotes | 229.221 | |
| ibm | lotus_inotes | 229.231 | |
| ibm | lotus_inotes | 229.241 | |
| ibm | lotus_inotes | 229.251 | |
| ibm | lotus_inotes | 229.261 | |
| ibm | lotus_domino | 8.0.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA92AB06-5510-4109-AE3A-75834E5F8A00",
"versionEndIncluding": "229.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.011:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF2DA6-98E4-4921-B36C-AA5771B3629E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.021:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC0B87F-B742-466D-BF93-56BFECAC2E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.031:*:*:*:*:*:*:*",
"matchCriteriaId": "708BEAEF-B186-470D-8148-9C0703B42765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.041:*:*:*:*:*:*:*",
"matchCriteriaId": "83C58751-33AE-4A3F-A096-AB13FC8A64A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.051:*:*:*:*:*:*:*",
"matchCriteriaId": "01E2E70E-3C00-4AA2-AF8D-349E82806FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.061:*:*:*:*:*:*:*",
"matchCriteriaId": "3508BE09-6B84-4819-BC0F-7E23964FE29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.101:*:*:*:*:*:*:*",
"matchCriteriaId": "1A17FFE5-97F5-45D0-8C54-3C22BF1FFA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.111:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8C8052-8980-4265-929B-E27B6A914B4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.131:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6C0F89-47E6-4895-909D-6AF8DBFE2477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.141:*:*:*:*:*:*:*",
"matchCriteriaId": "590EBAF8-04A9-4DAD-9FCF-B1B38FF03374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.151:*:*:*:*:*:*:*",
"matchCriteriaId": "717F7305-98E1-403D-B08A-6FE1FD83D2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.161:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4B46DA-B4E6-4AB0-AD85-7C77EFE14063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.171:*:*:*:*:*:*:*",
"matchCriteriaId": "E1862CF3-0BF2-4F1B-80A9-0B5B02005A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.181:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC9488A-F368-498E-8CDE-2ADC6AED470B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.191:*:*:*:*:*:*:*",
"matchCriteriaId": "A2F8C056-91A2-410B-942A-E108B93AD1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.201:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD1A2BB-F7FC-4FE1-B633-F0AF79E0F5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.211:*:*:*:*:*:*:*",
"matchCriteriaId": "805C7074-679E-4F11-A055-8C52B4E26F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.221:*:*:*:*:*:*:*",
"matchCriteriaId": "840A1975-0C5B-44F0-9F2E-1BBE02AA0484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.231:*:*:*:*:*:*:*",
"matchCriteriaId": "33A29245-F9DA-4F77-91EE-21C1FA3CE784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.241:*:*:*:*:*:*:*",
"matchCriteriaId": "B55ED49B-092B-411B-84AE-847770EE096B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.251:*:*:*:*:*:*:*",
"matchCriteriaId": "483C2E2D-424C-453B-9D51-F53C6B32178B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.261:*:*:*:*:*:*:*",
"matchCriteriaId": "4348F385-9AE1-4F8C-9F22-BE50FCA3710B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en la funcionalidad UltraLite en IBM Lotus iNotes (alias Domino Web Access o DWA) en versiones anteriores a la 229.281 para Domino 8.0.2 FP4 tienen un impacto y unos vectores de ataque desconocidos."
}
],
"id": "CVE-2010-0918",
"lastModified": "2024-11-21T01:13:12.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-03T19:30:00.710",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56557"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-08 22:00
Modified
2024-11-21 01:25
Severity ?
Summary
The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS."
},
{
"lang": "es",
"value": "La consola remota en IBM Lotus Domino, cuando se utiliza una determinada configuraci\u00f3n no compatible implicada en rutas de acceso UNC, permite a atacantes remotos evitar la autenticaci\u00f3n y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como SPR PRAD89WGRS."
}
],
"id": "CVE-2011-0920",
"lastModified": "2024-11-21T01:25:10.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-08T22:00:02.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-06 23:55
Modified
2024-11-21 02:02
Severity ?
Summary
The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 | |
| ibm | lotus_domino | 8.5.3.3 | |
| ibm | lotus_domino | 8.5.3.4 | |
| ibm | lotus_domino | 8.5.3.5 | |
| ibm | lotus_domino | 9.0.0.0 | |
| ibm | lotus_domino | 9.0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A8676-B2CA-49FF-A43E-EAC62170BF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71ADC0C5-36E9-426E-B302-56804B1800BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "24863689-9472-4C56-B3A8-3053494437C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3B3D5F-EB63-4ABA-8A27-BD654422DA54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z."
},
{
"lang": "es",
"value": "El servidor IMAP en IBM Domino 8.5.x anterior a 8.5.3 FP6 IF1 y 9.0.x anterior a 9.0.1 FP1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como SPR KLYH9F4S2Z."
}
],
"id": "CVE-2014-0822",
"lastModified": "2024-11-21T02:02:51.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-06T23:55:04.007",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://osvdb.org/102912"
},
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/56791"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663023"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/102912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/56791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90235"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.0 | |
| ibm | lotus_domino | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9989FEB-3B5E-40FF-BDBF-CFC835BCF93B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53D6F4E6-2C8A-40B6-9DB9-38E15D2AFEEF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
}
],
"id": "CVE-2004-2667",
"lastModified": "2024-11-20T23:53:56.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11925"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21171253"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=7268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21171253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=7268"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-03 19:30
Modified
2024-11-21 01:13
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_inotes | * | |
| ibm | lotus_inotes | 229.011 | |
| ibm | lotus_inotes | 229.021 | |
| ibm | lotus_inotes | 229.031 | |
| ibm | lotus_inotes | 229.041 | |
| ibm | lotus_inotes | 229.051 | |
| ibm | lotus_inotes | 229.061 | |
| ibm | lotus_inotes | 229.101 | |
| ibm | lotus_inotes | 229.111 | |
| ibm | lotus_inotes | 229.131 | |
| ibm | lotus_inotes | 229.141 | |
| ibm | lotus_inotes | 229.151 | |
| ibm | lotus_inotes | 229.161 | |
| ibm | lotus_inotes | 229.171 | |
| ibm | lotus_inotes | 229.181 | |
| ibm | lotus_inotes | 229.191 | |
| ibm | lotus_inotes | 229.201 | |
| ibm | lotus_inotes | 229.211 | |
| ibm | lotus_inotes | 229.221 | |
| ibm | lotus_inotes | 229.231 | |
| ibm | lotus_inotes | 229.241 | |
| ibm | lotus_inotes | 229.251 | |
| ibm | lotus_inotes | 229.261 | |
| ibm | lotus_domino | 8.0.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA92AB06-5510-4109-AE3A-75834E5F8A00",
"versionEndIncluding": "229.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.011:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF2DA6-98E4-4921-B36C-AA5771B3629E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.021:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC0B87F-B742-466D-BF93-56BFECAC2E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.031:*:*:*:*:*:*:*",
"matchCriteriaId": "708BEAEF-B186-470D-8148-9C0703B42765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.041:*:*:*:*:*:*:*",
"matchCriteriaId": "83C58751-33AE-4A3F-A096-AB13FC8A64A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.051:*:*:*:*:*:*:*",
"matchCriteriaId": "01E2E70E-3C00-4AA2-AF8D-349E82806FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.061:*:*:*:*:*:*:*",
"matchCriteriaId": "3508BE09-6B84-4819-BC0F-7E23964FE29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.101:*:*:*:*:*:*:*",
"matchCriteriaId": "1A17FFE5-97F5-45D0-8C54-3C22BF1FFA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.111:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8C8052-8980-4265-929B-E27B6A914B4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.131:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6C0F89-47E6-4895-909D-6AF8DBFE2477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.141:*:*:*:*:*:*:*",
"matchCriteriaId": "590EBAF8-04A9-4DAD-9FCF-B1B38FF03374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.151:*:*:*:*:*:*:*",
"matchCriteriaId": "717F7305-98E1-403D-B08A-6FE1FD83D2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.161:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4B46DA-B4E6-4AB0-AD85-7C77EFE14063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.171:*:*:*:*:*:*:*",
"matchCriteriaId": "E1862CF3-0BF2-4F1B-80A9-0B5B02005A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.181:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC9488A-F368-498E-8CDE-2ADC6AED470B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.191:*:*:*:*:*:*:*",
"matchCriteriaId": "A2F8C056-91A2-410B-942A-E108B93AD1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.201:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD1A2BB-F7FC-4FE1-B633-F0AF79E0F5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.211:*:*:*:*:*:*:*",
"matchCriteriaId": "805C7074-679E-4F11-A055-8C52B4E26F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.221:*:*:*:*:*:*:*",
"matchCriteriaId": "840A1975-0C5B-44F0-9F2E-1BBE02AA0484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.231:*:*:*:*:*:*:*",
"matchCriteriaId": "33A29245-F9DA-4F77-91EE-21C1FA3CE784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.241:*:*:*:*:*:*:*",
"matchCriteriaId": "B55ED49B-092B-411B-84AE-847770EE096B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.251:*:*:*:*:*:*:*",
"matchCriteriaId": "483C2E2D-424C-453B-9D51-F53C6B32178B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.261:*:*:*:*:*:*:*",
"matchCriteriaId": "4348F385-9AE1-4F8C-9F22-BE50FCA3710B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of \"XSS/CSRF Get Filter and Referer Check fixes.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en IBM Lotus iNotes (alias Domino Web Access o DWA) en versiones anteriores a la 229.281 para Domino 8.0.2 FP4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de vict\u00edmas al azar mediante vectores relacionados con la falta de \"XSS/CSRF Get Filter and Referer Check fixes.\""
}
],
"id": "CVE-2010-0921",
"lastModified": "2024-11-21T01:13:12.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-03T19:30:00.820",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56556"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-08 22:00
Modified
2024-11-21 01:25
Severity ?
Summary
Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el servicio NRouter (tambi\u00e9n conocido como Router) de IBM Lotus Domino permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de nombres largos de archivo asociado con cabeceras Content-ID y ATTACH:CID en los archivos adjuntos con peticiones de calendario mal formadas en mensajes de correo electr\u00f3nico, tambi\u00e9n conocido como SPR KLYH87LKRE."
}
],
"id": "CVE-2011-0918",
"lastModified": "2024-11-21T01:25:09.847",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-08T22:00:02.807",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43224"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-046/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-046/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-09 11:03
Modified
2024-11-21 00:05
Severity ?
Summary
Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.0 | |
| ibm | lotus_domino | 6.5.1 | |
| ibm | lotus_domino | 6.5.2 | |
| ibm | lotus_domino | 6.5.3 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino_enterprise_server | 6.5.2 | |
| ibm | lotus_domino_enterprise_server | 6.5.4 | |
| ibm | lotus_notes | 6.5 | |
| ibm | lotus_notes | 6.5.1 | |
| ibm | lotus_notes | 6.5.2 | |
| ibm | lotus_notes | 6.5.3 | |
| ibm | lotus_notes | 6.5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0766C3F9-D2A2-4A58-9FF7-11B57232DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A95404CC-47B8-40C6-BCED-FC3E68CA8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F342FD1-7A60-4E7D-B56A-E1C3D560C728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp1:*:*:*:*:*",
"matchCriteriaId": "99E2CC18-4049-470A-B6DB-580C65FED0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp2:*:*:*:*:*",
"matchCriteriaId": "2396543F-1507-493C-B57F-3082D6E68894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40882B15-23A7-456C-B4DB-B1C7246BBC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3195CA-CB62-4AEF-AC8C-C985A372FD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D94927A9-61FD-459F-9A6D-E581A4AF505C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B32BA2-9EB7-4294-A857-226A5B1CC401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF64CA16-6C20-42E1-BA68-BD63A873BFA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "12D7DD7B-CA90-44A5-9B7B-4A4985150689",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory."
}
],
"id": "CVE-2006-0121",
"lastModified": "2024-11-21T00:05:41.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-09T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18328"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument\u0026Highlight=0%2CMKIN67MQVW"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument\u0026Highlight=0%2CMKIN693QUT"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0081"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument\u0026Highlight=0%2CMKIN67MQVW"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument\u0026Highlight=0%2CMKIN693QUT"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24223"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-08 04:47
Modified
2024-11-21 01:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4055.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4055."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en webadmin.nsf en Domino Web Administrator de IBM Domino 8.5 y 9..0 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario a trav\u00e9s de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-4055."
}
],
"id": "CVE-2013-4051",
"lastModified": "2024-11-21T01:54:47.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-08T04:47:22.853",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86503"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-16 21:00
Modified
2024-11-21 01:18
Severity ?
Summary
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.0 | |
| ibm | lotus_domino | 8.0.1 | |
| ibm | lotus_domino | 8.0.2 | |
| ibm | lotus_domino | 8.0.2.1 | |
| ibm | lotus_domino | 8.0.2.2 | |
| ibm | lotus_domino | 8.0.2.3 | |
| ibm | lotus_domino | 8.0.2.4 | |
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3DB9C3-4DAC-4663-9097-95600E13FCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8510F6-D054-488E-99E9-A58272C47AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15DB2AF7-B494-4494-8686-33CB6A4C2CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A3A3-6D6C-4EE0-B092-862DB03AC320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2A467B-72FA-4280-A397-BC9D86D5B012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n MailCheck821Address en nnotes.dll en el servicio nrouter.exe en el servidor IBM Lotus Domino v8.0.x anterior a v8.0.2 FP5 y v8.5.x anterior a v8.5.1 FP2 permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de una direcci\u00f3n de correo electr\u00f3nico larga en un encabezado ORGANIZER:mailto en una mensaje de correo de invitaci\u00f3n de calendario iCalendar, tambi\u00e9n conocido como SPR NRBY7ZPJ9V."
}
],
"id": "CVE-2010-3407",
"lastModified": "2024-11-21T01:18:40.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-09-16T21:00:02.233",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41433"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1024448"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21446515"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/15005"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/513706/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/43219"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2381"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-177/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.mwrinfosecurity.com/advisories/lotus_domino_ical_stack_buffer_overflow/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://labs.mwrinfosecurity.com/files/Advisories/mwri_lotus-domino-ical-stack-overflow_2010-09-14.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1024448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21446515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/52f9218288b51dcb852576c600741f72?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/613a204806e3f211852576e2006afa3d?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/8d1c0550e6242b69852570c900549a74/af36678d60bd74288525778400534d7c?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/15005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/513706/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/43219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-177/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61790"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-13 16:30
Modified
2024-11-21 01:02
Severity ?
Summary
The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.0 | |
| ibm | lotus_domino | 8.0.1 | |
| ibm | lotus_domino | 8.0.2 | |
| ibm | lotus_domino | 8.0.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3DB9C3-4DAC-4663-9097-95600E13FCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8510F6-D054-488E-99E9-A58272C47AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15DB2AF7-B494-4494-8686-33CB6A4C2CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A3A3-6D6C-4EE0-B092-862DB03AC320",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities."
},
{
"lang": "es",
"value": "Vulnerabilidad en la tarea de servidor IMAP en IBM Lotus Domino v8.0.2 anterior a FP1 IF1 y v8.5 anterior IF3 permite a usuarios remotos causar una denegaci\u00f3n de servicio (ca\u00edda del servicio) a trav\u00e9s de un mensaje de e-mail MIME con adjuntos RFC822 (o blobs) que contienen entidades root mal formadas."
}
],
"id": "CVE-2009-1286",
"lastModified": "2024-11-21T01:02:06.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-13T16:30:00.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34657"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1022024"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21379894"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21379915"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381562"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381566"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34441"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1022024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21379894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21379915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0986"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-09 19:55
Modified
2024-11-21 01:52
Severity ?
Summary
Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW."
},
{
"lang": "es",
"value": "Desbordamiento de entero en el control ActiveX DWA9W en iNotes en IBM Domino v9.0 anterior a IF3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una p\u00e1gina web dise\u00f1ada, tambi\u00e9n conocido como SPR PTHN97XHFW."
}
],
"id": "CVE-2013-3027",
"lastModified": "2024-11-21T01:52:51.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-09T19:55:06.367",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84381"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-09 18:30
Modified
2024-11-21 01:11
Severity ?
Summary
Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 has unknown impact and attack vectors, aka SPR LSHR7TBLY5.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_inotes | * | |
| ibm | lotus_inotes | 229.011 | |
| ibm | lotus_inotes | 229.021 | |
| ibm | lotus_inotes | 229.031 | |
| ibm | lotus_inotes | 229.041 | |
| ibm | lotus_inotes | 229.051 | |
| ibm | lotus_inotes | 229.061 | |
| ibm | lotus_inotes | 229.101 | |
| ibm | lotus_inotes | 229.111 | |
| ibm | lotus_inotes | 229.131 | |
| ibm | lotus_inotes | 229.141 | |
| ibm | lotus_inotes | 229.151 | |
| ibm | lotus_inotes | 229.161 | |
| ibm | lotus_inotes | 229.171 | |
| ibm | lotus_inotes | 229.181 | |
| ibm | lotus_inotes | 229.191 | |
| ibm | lotus_inotes | 229.201 | |
| ibm | lotus_inotes | 229.211 | |
| ibm | lotus_inotes | 229.221 | |
| ibm | lotus_domino | 8.0.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B327550-1809-4982-A927-48D3392B7A22",
"versionEndIncluding": "229.231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.011:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF2DA6-98E4-4921-B36C-AA5771B3629E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.021:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC0B87F-B742-466D-BF93-56BFECAC2E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.031:*:*:*:*:*:*:*",
"matchCriteriaId": "708BEAEF-B186-470D-8148-9C0703B42765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.041:*:*:*:*:*:*:*",
"matchCriteriaId": "83C58751-33AE-4A3F-A096-AB13FC8A64A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.051:*:*:*:*:*:*:*",
"matchCriteriaId": "01E2E70E-3C00-4AA2-AF8D-349E82806FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.061:*:*:*:*:*:*:*",
"matchCriteriaId": "3508BE09-6B84-4819-BC0F-7E23964FE29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.101:*:*:*:*:*:*:*",
"matchCriteriaId": "1A17FFE5-97F5-45D0-8C54-3C22BF1FFA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.111:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8C8052-8980-4265-929B-E27B6A914B4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.131:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6C0F89-47E6-4895-909D-6AF8DBFE2477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.141:*:*:*:*:*:*:*",
"matchCriteriaId": "590EBAF8-04A9-4DAD-9FCF-B1B38FF03374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.151:*:*:*:*:*:*:*",
"matchCriteriaId": "717F7305-98E1-403D-B08A-6FE1FD83D2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.161:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4B46DA-B4E6-4AB0-AD85-7C77EFE14063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.171:*:*:*:*:*:*:*",
"matchCriteriaId": "E1862CF3-0BF2-4F1B-80A9-0B5B02005A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.181:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC9488A-F368-498E-8CDE-2ADC6AED470B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.191:*:*:*:*:*:*:*",
"matchCriteriaId": "A2F8C056-91A2-410B-942A-E108B93AD1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.201:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD1A2BB-F7FC-4FE1-B633-F0AF79E0F5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.211:*:*:*:*:*:*:*",
"matchCriteriaId": "805C7074-679E-4F11-A055-8C52B4E26F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.221:*:*:*:*:*:*:*",
"matchCriteriaId": "840A1975-0C5B-44F0-9F2E-1BBE02AA0484",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 has unknown impact and attack vectors, aka SPR LSHR7TBLY5."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en Edit Contact scene en Ultra-light Mode en IBM Lotus iNotes (tambi\u00e9n conocido como Domino Web Access o DWA) anterior a v229.241 para Domino v8.0.2 FP3 tiene un impacto y vectores de ataque desconocidos, tambi\u00e9n conocido como SPR LSHR7TBLY5."
}
],
"evaluatorSolution": "http://www-933.ibm.com/support/fixcentral/",
"id": "CVE-2010-0274",
"lastModified": "2024-11-21T01:11:53.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-09T18:30:01.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38026"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37675"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55470"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment."
}
],
"id": "CVE-2004-0668",
"lastModified": "2024-11-20T23:49:06.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108871093704307\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10641"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108871093704307\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16596"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:00
Severity ?
Summary
The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.0 | |
| ibm | lotus_domino | 6.0.1 | |
| ibm | lotus_domino | 6.0.1.1 | |
| ibm | lotus_domino | 6.0.1.2 | |
| ibm | lotus_domino | 6.0.1.3 | |
| ibm | lotus_domino | 6.0.2.1 | |
| ibm | lotus_domino | 6.0.2.2 | |
| ibm | lotus_domino | 6.0.3 | |
| ibm | lotus_domino | 6.0.4 | |
| ibm | lotus_domino | 6.0.5 | |
| ibm | lotus_domino | 6.5 | |
| ibm | lotus_domino | 6.5.1 | |
| ibm | lotus_domino | 6.5.2 | |
| ibm | lotus_domino | 6.5.2.1 | |
| ibm | lotus_domino | 6.5.3 | |
| ibm | lotus_domino | 6.5.3.1 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9989FEB-3B5E-40FF-BDBF-CFC835BCF93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B2AFF7-3921-402A-AE7A-BB9E2E8AA0A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2974F32F-19F1-42E5-AB4C-59ACC6D07ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BF6EB6-8A21-4FFD-A15F-797824D0F515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A0BACA-DD1E-44AB-BF02-1F0DB179FF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "636FC0B6-8C7B-416E-9343-B6712C93D036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FD364F0-EE5B-4082-AD87-C9769F492E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06DBE88F-F765-448E-88AF-3ED9FB98181A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE30DC2C-35E9-4E4E-A8FF-2A31CF28B6DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9EE627-6072-4359-981B-0168F7D44B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53D6F4E6-2C8A-40B6-9DB9-38E15D2AFEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D139E5E3-F66C-4184-9C4F-B06391147130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A95404CC-47B8-40C6-BCED-FC3E68CA8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B39B06CE-E38C-469B-8E24-87B26F3BEB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F342FD1-7A60-4E7D-B56A-E1C3D560C728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference."
}
],
"id": "CVE-2005-2712",
"lastModified": "2024-11-21T00:00:12.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015611"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21229907"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16523"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0526"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21229907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24634"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-22 17:55
Modified
2024-11-21 01:26
Severity ?
Summary
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 services for Lotus Domino has unknown impact and attack vectors, aka SPR ESEO8DQME2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_quickr | 8.1 | |
| ibm | lotus_domino | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83B3B388-0438-4806-9F21-2170428739DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 services for Lotus Domino has unknown impact and attack vectors, aka SPR ESEO8DQME2."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en IBM Lotus Quickr versi\u00f3n 8.1 anterior a 8.1.0.27 services para Lotus Domino tiene un impacto y vectores de ataque desconocidos. Tambi\u00e9n conocido como SPR ESEO8DQME2."
}
],
"id": "CVE-2011-1505",
"lastModified": "2024-11-21T01:26:27.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-22T17:55:04.080",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43689"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1025228"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1LO58209"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/46903"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0707"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1LO58209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66142"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-09 11:03
Modified
2024-11-21 00:05
Severity ?
Summary
Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.0 | |
| ibm | lotus_domino | 6.5.1 | |
| ibm | lotus_domino | 6.5.2 | |
| ibm | lotus_domino | 6.5.3 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino_enterprise_server | 6.5.2 | |
| ibm | lotus_domino_enterprise_server | 6.5.4 | |
| ibm | lotus_notes | 6.5 | |
| ibm | lotus_notes | 6.5.1 | |
| ibm | lotus_notes | 6.5.2 | |
| ibm | lotus_notes | 6.5.3 | |
| ibm | lotus_notes | 6.5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0766C3F9-D2A2-4A58-9FF7-11B57232DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A95404CC-47B8-40C6-BCED-FC3E68CA8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F342FD1-7A60-4E7D-B56A-E1C3D560C728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp1:*:*:*:*:*",
"matchCriteriaId": "99E2CC18-4049-470A-B6DB-580C65FED0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp2:*:*:*:*:*",
"matchCriteriaId": "2396543F-1507-493C-B57F-3082D6E68894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40882B15-23A7-456C-B4DB-B1C7246BBC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3195CA-CB62-4AEF-AC8C-C985A372FD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D94927A9-61FD-459F-9A6D-E581A4AF505C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B32BA2-9EB7-4294-A857-226A5B1CC401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF64CA16-6C20-42E1-BA68-BD63A873BFA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "12D7DD7B-CA90-44A5-9B7B-4A4985150689",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving \"CD to MIME Conversion\"."
}
],
"id": "CVE-2006-0117",
"lastModified": "2024-11-21T00:05:41.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-09T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18328"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0081"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24205"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-01-20 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1320064-F0E9-42C8-8E1C-9037684FA693",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges."
},
{
"lang": "es",
"value": "Lotus Notes Domino 6.0.2 para Linux instala el fichero de configuraci\u00f3n notes.ini con permisos de escritura para todo el mundo, lo que permite a usuarios locales modificar la configuraci\u00f3n de Notes y ganar privilegios."
}
],
"id": "CVE-2004-0029",
"lastModified": "2024-11-20T23:47:35.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-01-20T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107340897710308\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/10566"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.excluded.org/advisories/advisory05.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3424"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9366"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1008623"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107340897710308\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/10566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.excluded.org/advisories/advisory05.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1008623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14153"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-20 15:26
Modified
2024-11-21 01:54
Severity ?
Summary
Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka SPR PTHN9ADPA8.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 | |
| ibm | lotus_domino | 8.5.3.3 | |
| ibm | lotus_domino | 8.5.3.4 | |
| ibm | lotus_domino | 9.0.0.0 | |
| ibm | lotus_inotes | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A8676-B2CA-49FF-A43E-EAC62170BF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71ADC0C5-36E9-426E-B302-56804B1800BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADBAA800-3F74-45C5-AE58-EF76A35186D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka SPR PTHN9ADPA8."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en iNotes en IBM Domino 8.5.3 anterior a FP5 IF1 y 9.0 anterior a IF4 permite a los usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como SPR PTHN9ADPA8."
}
],
"id": "CVE-2013-4068",
"lastModified": "2024-11-21T01:54:49.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-20T15:26:03.857",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21649476"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650034"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650146"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21649476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21650146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86599"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-22 17:55
Modified
2024-11-21 00:58
Severity ?
Summary
Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, aka SPR JFLD7GZT25.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_quickr | 8.1 | |
| ibm | lotus_domino | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83B3B388-0438-4806-9F21-2170428739DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, aka SPR JFLD7GZT25."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la cadena de docnote, manejando la implementaci\u00f3n en IBM Lotus Quickr v8.1 anterior a v8.1.0.2, servicios para Lotus Domino, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de vectores desconocidos, tambi\u00e9n conocido como JFLD7GZT25 SPR."
}
],
"id": "CVE-2008-7285",
"lastModified": "2024-11-21T00:58:44.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-22T17:55:01.110",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-22 13:09
Modified
2024-11-21 00:46
Severity ?
Summary
Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.0 | |
| ibm | lotus_domino | 6.5 | |
| ibm | lotus_domino | 7.0 | |
| ibm | lotus_domino | 8.0 | |
| ibm | lotus_domino | 8.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9989FEB-3B5E-40FF-BDBF-CFC835BCF93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53D6F4E6-2C8A-40B6-9DB9-38E15D2AFEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3DB9C3-4DAC-4663-9097-95600E13FCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8510F6-D054-488E-99E9-A58272C47AA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el Servicio Web Server en IBM Lotus Domino anterior a 7.0.3 FP1 y 8.x anterior a 8.0.1, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) o la posibilidad de ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cabecera HTTP \"Accept-Languaje\"."
}
],
"id": "CVE-2008-2240",
"lastModified": "2024-11-21T00:46:25.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-05-22T13:09:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30310"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30332"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303057"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2008-May/001988.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2008-May/001989.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-language-stack-overflow_2008-05-20.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29310"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020098"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1597"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2008-May/001988.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2008-May/001989.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-language-stack-overflow_2008-05-20.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42552"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-22 17:55
Modified
2024-11-21 01:11
Severity ?
Summary
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is accessed through a connector, aka SPR RELS7LARKR.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_quickr | 8.1 | |
| ibm | lotus_domino | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83B3B388-0438-4806-9F21-2170428739DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is accessed through a connector, aka SPR RELS7LARKR."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en IBM Lotus Quickr v8.1 anterior a v8.1.0.5, servicios para Lotus Domino permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) mediante la supresi\u00f3n de un elemento al que se accede a trav\u00e9s de un conector, tambi\u00e9n conocido como SPR RELS7LARKR."
}
],
"id": "CVE-2009-5058",
"lastModified": "2024-11-21T01:11:05.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-22T17:55:01.143",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-21 21:03
Modified
2024-11-21 00:00
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.2 | |
| ibm | lotus_domino_enterprise_server | 6.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40882B15-23A7-456C-B4DB-B1C7246BBC28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters."
}
],
"id": "CVE-2005-3015",
"lastModified": "2024-11-21T00:00:56.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-21T21:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16830"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg1LO07849\u0026loc=en_US\u0026cs=utf-8\u0026cc=us\u0026lang=all"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO07850"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/14845"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/14846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg1LO07849\u0026loc=en_US\u0026cs=utf-8\u0026cc=us\u0026lang=all"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO07850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/14845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/14846"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-11 00:55
Modified
2024-11-21 01:43
Severity ?
Summary
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18BA3404-DE06-43A3-8319-31ECA80A8B8B",
"versionEndIncluding": "1.4.2.13.13",
"versionStartIncluding": "1.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEA3D56-2995-42F6-9306-84B9E24AD317",
"versionEndIncluding": "5.0.14.0",
"versionStartIncluding": "5.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A59F289-2472-46F7-AD4B-24D9CE59807F",
"versionEndIncluding": "6.0.11.0",
"versionStartIncluding": "6.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABE8021-3E50-4DBF-991F-59BDD301389E",
"versionEndIncluding": "7.0.2.0",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3DB9C3-4DAC-4663-9097-95600E13FCDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8510F6-D054-488E-99E9-A58272C47AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15DB2AF7-B494-4494-8686-33CB6A4C2CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A3A3-6D6C-4EE0-B092-862DB03AC320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2A467B-72FA-4280-A397-BC9D86D5B012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "692E295E-E650-42D5-AF7A-D6276C3D76E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E25625-8570-4744-A2A2-4A4FB4D8AC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50660BA1-A24A-4DBF-AB59-1CF04FA54120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5759CBCB-7B3F-462A-B51A-FD2C6B13CCE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69A79FA5-83FB-4067-B2A6-17EAF3947998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17815F4E-BB34-40D2-A3EE-3C7741940D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE79982-9E92-498A-B961-55CB1D2D104F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6814E3F-479C-4F56-BF66-C685E60CCA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9EF5DE-4432-4099-AD59-CDD52E387BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A1013797-0442-46A7-A94F-354388BA6B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC228A3-1878-4A9F-8664-F4DFF77BF74B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0119A252-73B1-490F-9371-06E8FDB8B979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57D24791-E798-4B08-A051-E880DEFB8268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2758590C-67FD-4DD6-84C1-0D32264BBE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC083C-B25E-427F-B722-B5ABD4F072F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0CF8A5-BC24-4204-BC06-2E1E2FB60E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA723DB-62C5-4C84-B0BA-5313FDA49D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "92F08B96-D43E-407E-839C-4C3C5BB58B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E50C779-C780-45FB-BC77-B9717389D2EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "867779A4-A7A5-48AD-9AC0-C6476719A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7B7544-D60C-4B9A-BC29-B30AD86EC9B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D475EF5-DBB3-4B98-BB07-83A2632B5E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F797A209-65C0-4A20-9DA2-C5576C091DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B01BCFA-13B4-4AB3-9558-4B704F6DCFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D027E003-84C9-4290-A032-649C5E66B23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D9A13AC-B552-4E86-9E5D-62354D78E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5CDBCB-F314-453B-B837-B03B53215748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A92849F-05E0-47DB-AB43-8AC559568D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2BAE23EA-8576-4B4E-A6ED-91EB30E3FB6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80407:*:*:*:*:*:*:*",
"matchCriteriaId": "EB384FC6-D343-40F1-B9D3-480217EB97D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_sametime:8.0.80822:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4D8B5E-8172-4FC2-9F4F-6FB5D989DE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_sametime:8.5.1.20100709-1631:*:*:*:advanced_embedded:*:*:*",
"matchCriteriaId": "62A619D0-A250-41F7-8BC3-37B1507AF37C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F9782A-17B1-4258-8B03-483328EFB01D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27E40AA1-CF34-4757-8EE1-873A5B199496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3997E3C6-1822-4DBB-A6E1-B46F4E0CF3B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35746885-CB26-4527-AB17-BBEF37A33F70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE0191C-D6EF-486A-B497-9692D2892DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE3021AA-7337-46B2-AECE-D4C93C032578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "29746507-F154-4216-B560-1D9243D5FF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80E42A69-B549-4904-AC5C-E2053CB38450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2285A0-B3E7-4D41-9D06-796485D39B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D4D6C6-656D-433F-973B-7C0F7FD09428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC57196-D703-407C-9883-58C31C6C4C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D25E5860-083C-4D43-945C-AB068BFF624B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E41ECC63-45B0-4011-8906-FF4DC825DA50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB76CF67-767D-4A30-BB3F-2F44D80BC609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "521A5B6F-D214-4181-915B-CE1AF1F90397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes_traveler:8.5.3.3:interim_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "87F9AF9E-E7EA-44DF-AD03-0D28CC105EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AD723C24-48AA-480F-93A5-064F9D4D75F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCFCA2C-1594-4FE3-BE4D-B9407A1BC1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "323418E3-6CDF-4E84-8D3C-324BFE95DD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_change:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F08AFD22-F720-4683-9444-012722E5E979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:1.6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B9114377-B995-419A-A566-4CFD06715298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:8.0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EAFD73FB-2F37-4B0D-A967-B6DD8500A273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:9.0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0D1AE7-63C6-4E66-90EB-9FB1ED71FC22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:10.0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16CAC644-C915-46BF-88C3-6792304B7CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:10.0.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B4EA6D-BA41-4170-B4EC-6850ACA98344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "39AD3F53-55F2-451D-8A56-9B7B96F19AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABC05-561E-43D7-B408-BED36676C6B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF30EFD9-12DD-4D2E-A087-66C008CF4338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F20944-2611-41DC-8470-F267EA09A66F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16A57406-18F3-4F9E-A6C1-72DB1B0D0F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:rational_host_on-demand:11.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDC30B5-78D0-4F0F-9F85-96B85026F33F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:service_delivery_manager:7.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5888AC-B251-4DE4-95E8-56385429343E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:service_delivery_manager:7.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA27B37-E411-496D-B23B-C8F8B9F95239",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smart_analytics_system_5600_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A24824E-7091-41EA-A994-67DB0BAFF592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:smart_analytics_system_5600_software:9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C04EBD9-A8CD-498E-9724-848BBF4C13FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE417DBB-F699-4B0C-93E4-F2A96E60A42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "503B5597-B95E-4F8F-BCB6-B303D378F5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2289E7D5-2915-42D3-BE86-FF63BF507251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45864079-DC1E-42F6-B9D4-36E1A46DE093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39A65FE7-7745-4D94-A22C-D0C7CF1C339A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB4F6B1-F1A1-40A3-9EB6-36CBDCF5FD55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13DB3D7D-0D80-4B7E-B516-D4AE2AE3FC48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11F1528F-BE73-4B03-BFA5-B1F96099F3F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8B5726-CDA8-4BDE-B2A6-AE308959A862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6233ED9B-760D-4218-A25B-DF67D703D9EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "350B304F-4ED0-4A91-A901-77A149DE2481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "50A2D35D-4170-4DD7-9AD3-39F23D432289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15E20435-C3A0-4A57-B82A-595A48BB0991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33A34B3F-710C-42A8-B791-DA624B23E36D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5010AB5-0932-4F05-9D6A-9D4C49151E83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7299B1C8-7BC2-4F42-B19E-4D0D2E599D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC98EF0-EDCA-47D8-A4CE-083E3AA0376C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6522CFEE-4368-4596-8DB9-18247AB19C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E386E16-9F8F-4444-A190-EF964CA339F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AC24B012-A887-4A3F-A32C-80435C64BC10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B310DC-21E5-4A0D-A3D6-B0FD21C6C4F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "499FAEEF-0533-44FE-8249-AE40C6233E06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1E8B4310-F5D2-4448-89C1-E6D656351E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88380637-715A-49CB-A9B6-0F8411225E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3AF6714-0D55-4C81-B354-F3875ACE4388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94A90709-74AD-4C1B-806C-E7E335A3A773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E17308E6-B755-434F-8D2B-E5BBA37BA1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:tivoli_remote_control:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3BFA6A7-DA21-4DB1-829E-6CBF15AE19B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_real_time:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2487821D-BB7A-4574-A98B-B37604CD4654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_real_time:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CB9D0F-DCAB-484D-ACA8-64772659EE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tivoli_storage_productivity_center:5.0:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E541FE5B-2147-4340-85BE-C6A23E64F343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tivoli_storage_productivity_center:5.1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1EFAA15-C456-45A5-8B60-5CCF0CF0029B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tivoli_storage_productivity_center:5.1.1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B783E88-2CDB-47B9-8F2F-126E60EA42CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:smart_analytics_system_5600:7200:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9B9B97-8A48-4202-A48B-092585DDE4F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to \"insecure use of the java.lang.reflect.Method invoke() method.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes \u0026 Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, ejecutandose en un gestor de seguridad, permite a atacantes remotos obtener privilegios modificando o eliminando el gestor de seguridad a trav\u00e9s de vectores relacionados con \"uso inseguro del m\u00e9todo java.lang.reflect.Method invoke()\""
}
],
"id": "CVE-2012-4820",
"lastModified": "2024-11-21T01:43:33.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-01-11T00:55:00.963",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51326"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51327"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51328"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51393"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51634"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78764"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2012/Sep/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/51634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/55495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-21 10:46
Modified
2024-11-21 01:40
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 7.0.1 | |
| ibm | lotus_domino | 7.0.1.1 | |
| ibm | lotus_domino | 7.0.2 | |
| ibm | lotus_domino | 7.0.2.2 | |
| ibm | lotus_domino | 7.0.3.0 | |
| ibm | lotus_domino | 7.0.3.1 | |
| ibm | lotus_domino | 7.0.4.0 | |
| ibm | lotus_domino | 7.0.4.1 | |
| ibm | lotus_domino | 7.0.4.2 | |
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A7AF44-125F-4760-8370-34B7B4CB8753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48E4A116-4FEF-4EAF-B4C4-F6096853F791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42C54057-4166-476B-A184-CD3F4844D0D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90B32A9-9900-4056-92D5-1AD02F3993BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA31957-2452-4992-8DDA-7DDAAD09EC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "291CC183-3A20-4B9C-9B85-75EACFB7DFCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23E14D9F-97E1-4DFA-994F-DF7F118BFFA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09BFA8E-8F0F-4517-9F6A-B1097902324F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en IBM Lotus Domino v7.x y v8.x anterior a v8.5.4 permite a atacantes remotos inyectar c\u00f3digo arbitrario web o HTML a trav\u00e9s de (1) el acceso a una direcci\u00f3n (URL) mediante el uso de una plantilla de correo en WebMail UI o (2) una direcci\u00f3n (URL) accedida durante el uso de la ayuda de (Domino Help) a trav\u00e9s del servidor (Domino HTTP)."
}
],
"id": "CVE-2012-3302",
"lastModified": "2024-11-21T01:40:36.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-21T10:46:10.747",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://websecurity.com.ua/5839/"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://websecurity.com.ua/5839/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77401"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-08 22:00
Modified
2024-11-21 01:25
Severity ?
Summary
Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender address, aka SPR KLYH87LLVJ.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender address, aka SPR KLYH87LLVJ."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basados en la pila en los servicios (1) POP3 y (2) IMAP en IBM Lotus Domino permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de caracteres no imprimibles en una direcci\u00f3n del remitente, tambi\u00e9n conocido como SPR KLYH87LLVJ."
}
],
"id": "CVE-2011-0919",
"lastModified": "2024-11-21T01:25:10.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-08T22:00:02.867",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43224"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/516232/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-045/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/516232/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-045/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-01-12 02:46
Modified
2024-11-21 00:41
Severity ?
Summary
Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 7.0 | |
| ibm | lotus_domino | 7.0.1 | |
| ibm | lotus_domino | 7.0.2 | |
| ibm | lotus_domino | 7.0.2 | |
| ibm | lotus_domino | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A7AF44-125F-4760-8370-34B7B4CB8753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp1:*:*:*:*:*",
"matchCriteriaId": "4A7F62D7-8225-4B84-A3CE-B91616B5AAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp2:*:*:*:*:*",
"matchCriteriaId": "82718D37-02FA-4EA0-ABB6-167B5A0A2F0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Lotus Domino 7.0.2, en versiones anteriores a la Fix Pack 3, permite que atacantes remotos provoquen una denegaci\u00f3n de servicio a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-0243",
"lastModified": "2024-11-21T00:41:29.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-01-12T02:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28411"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011539"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27215"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0086"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39588"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-29 21:46
Modified
2024-11-21 00:38
Severity ?
Summary
IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | * | |
| ibm | lotus_domino | * | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 7.0.2 | |
| ibm | lotus_notes | * | |
| ibm | lotus_notes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2E3AB3-15AF-42F8-9AAC-8A7D3C553474",
"versionEndExcluding": "6.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34C250E2-C8A3-4160-85E2-5DAFADFC2507",
"versionEndExcluding": "7.0.2",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:-:*:*:*:*:*:*",
"matchCriteriaId": "6ADFA292-0E8C-489E-9D97-99996D3EB626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "EF980FE0-9048-4EB3-A520-462C9419EFF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A19CCBD6-5626-4250-97A3-FDBBB6B67A66",
"versionEndIncluding": "6.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A30DAD9B-D09E-4011-A7B2-8F1E401DFE5F",
"versionEndExcluding": "7.0.3",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session."
},
{
"lang": "es",
"value": "IBM Lotus Notes versiones anteriores 6.5.6, y 7.x versiones anteriores a 7.0.3; y Domino versiones anteriores 6.5.5 FP3, y 7.x versiones anteriores 7.0.2 FP1; utiliza permisos d\u00e9biles (Control Total:Todos) para ficheros mapeados en memoria (memoria compartida) en IPC, lo cual permite a usuarios locales obtener informaci\u00f3n confidencial, o inyectar Lotus Script u otras secuencias de caracteres en una sesi\u00f3n."
}
],
"id": "CVE-2007-5544",
"lastModified": "2024-11-21T00:38:09.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2007-10-29T21:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27321"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257030"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/26146"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2007/3598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/26146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2007/3598"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-08 04:47
Modified
2024-11-21 01:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en webadmin.nsf en Domino Web Administrator de IBM Domino 8.5 y 9.0 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario a trav\u00e9s de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-4051."
}
],
"id": "CVE-2013-4055",
"lastModified": "2024-11-21T01:54:47.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-08T04:47:22.870",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86544"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-27 21:55
Modified
2024-11-21 01:43
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el servidor web de IBM Lotus Domino v8.5.x trav\u00e9s de v8.5.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2012-4844",
"lastModified": "2024-11-21T01:43:36.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-02-27T21:55:03.997",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614077"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79233"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-27 21:55
Modified
2024-11-21 01:43
Severity ?
Summary
Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en el servidor web de IBM Lotus Domino v8.5.x hasta v8.5.3 que permite a atacantes remotos para redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2012-4842",
"lastModified": "2024-11-21T01:43:36.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-02-27T21:55:03.107",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614077"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21614077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79232"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-03 19:30
Modified
2024-11-21 01:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_inotes | * | |
| ibm | lotus_inotes | 229.011 | |
| ibm | lotus_inotes | 229.021 | |
| ibm | lotus_inotes | 229.031 | |
| ibm | lotus_inotes | 229.041 | |
| ibm | lotus_inotes | 229.051 | |
| ibm | lotus_inotes | 229.061 | |
| ibm | lotus_inotes | 229.101 | |
| ibm | lotus_inotes | 229.111 | |
| ibm | lotus_inotes | 229.131 | |
| ibm | lotus_inotes | 229.141 | |
| ibm | lotus_inotes | 229.151 | |
| ibm | lotus_inotes | 229.161 | |
| ibm | lotus_inotes | 229.171 | |
| ibm | lotus_inotes | 229.181 | |
| ibm | lotus_inotes | 229.191 | |
| ibm | lotus_inotes | 229.201 | |
| ibm | lotus_inotes | 229.211 | |
| ibm | lotus_inotes | 229.221 | |
| ibm | lotus_inotes | 229.231 | |
| ibm | lotus_inotes | 229.241 | |
| ibm | lotus_inotes | 229.251 | |
| ibm | lotus_inotes | 229.261 | |
| ibm | lotus_domino | 8.0.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA92AB06-5510-4109-AE3A-75834E5F8A00",
"versionEndIncluding": "229.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.011:*:*:*:*:*:*:*",
"matchCriteriaId": "62AF2DA6-98E4-4921-B36C-AA5771B3629E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.021:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC0B87F-B742-466D-BF93-56BFECAC2E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.031:*:*:*:*:*:*:*",
"matchCriteriaId": "708BEAEF-B186-470D-8148-9C0703B42765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.041:*:*:*:*:*:*:*",
"matchCriteriaId": "83C58751-33AE-4A3F-A096-AB13FC8A64A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.051:*:*:*:*:*:*:*",
"matchCriteriaId": "01E2E70E-3C00-4AA2-AF8D-349E82806FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.061:*:*:*:*:*:*:*",
"matchCriteriaId": "3508BE09-6B84-4819-BC0F-7E23964FE29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.101:*:*:*:*:*:*:*",
"matchCriteriaId": "1A17FFE5-97F5-45D0-8C54-3C22BF1FFA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.111:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8C8052-8980-4265-929B-E27B6A914B4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.131:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6C0F89-47E6-4895-909D-6AF8DBFE2477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.141:*:*:*:*:*:*:*",
"matchCriteriaId": "590EBAF8-04A9-4DAD-9FCF-B1B38FF03374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.151:*:*:*:*:*:*:*",
"matchCriteriaId": "717F7305-98E1-403D-B08A-6FE1FD83D2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.161:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4B46DA-B4E6-4AB0-AD85-7C77EFE14063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.171:*:*:*:*:*:*:*",
"matchCriteriaId": "E1862CF3-0BF2-4F1B-80A9-0B5B02005A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.181:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC9488A-F368-498E-8CDE-2ADC6AED470B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.191:*:*:*:*:*:*:*",
"matchCriteriaId": "A2F8C056-91A2-410B-942A-E108B93AD1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.201:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD1A2BB-F7FC-4FE1-B633-F0AF79E0F5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.211:*:*:*:*:*:*:*",
"matchCriteriaId": "805C7074-679E-4F11-A055-8C52B4E26F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.221:*:*:*:*:*:*:*",
"matchCriteriaId": "840A1975-0C5B-44F0-9F2E-1BBE02AA0484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.231:*:*:*:*:*:*:*",
"matchCriteriaId": "33A29245-F9DA-4F77-91EE-21C1FA3CE784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.241:*:*:*:*:*:*:*",
"matchCriteriaId": "B55ED49B-092B-411B-84AE-847770EE096B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.251:*:*:*:*:*:*:*",
"matchCriteriaId": "483C2E2D-424C-453B-9D51-F53C6B32178B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.261:*:*:*:*:*:*:*",
"matchCriteriaId": "4348F385-9AE1-4F8C-9F22-BE50FCA3710B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of \"XSS/CSRF Get Filter and Referer Check fixes.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en IBM Lotus iNotes (alias Domino Web Access o DWA) en versiones anteriores a la 229.281 para Domino 8.0.2 FP4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores relacionado con la falta de \"XSS/CSRF Get Filter and Referer Check fixes.\""
}
],
"id": "CVE-2010-0920",
"lastModified": "2024-11-21T01:13:12.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-03T19:30:00.790",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27018109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0496"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-23 19:55
Modified
2024-11-21 02:02
Severity ?
Summary
IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1588F54-4E8B-43C3-85E5-A12C04B694CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDD0E9-9084-4F0A-B3F1-8357CAD88A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB2B497-83A2-41A4-9F0D-CD17080CC1DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E30C8593-884E-4F6B-B107-0B3276EB1102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5CCB4-BB4F-4677-A7AA-B7C20682A00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2408220F-FBDB-419E-8F04-35BED47CE213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A8676-B2CA-49FF-A43E-EAC62170BF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71ADC0C5-36E9-426E-B302-56804B1800BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "24863689-9472-4C56-B3A8-3053494437C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "35B19F27-E6EE-41AA-937D-173E592A9278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3B3D5F-EB63-4ABA-8A27-BD654422DA54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0119A252-73B1-490F-9371-06E8FDB8B979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57D24791-E798-4B08-A051-E880DEFB8268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2758590C-67FD-4DD6-84C1-0D32264BBE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC083C-B25E-427F-B722-B5ABD4F072F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0CF8A5-BC24-4204-BC06-2E1E2FB60E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA723DB-62C5-4C84-B0BA-5313FDA49D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "92F08B96-D43E-407E-839C-4C3C5BB58B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E50C779-C780-45FB-BC77-B9717389D2EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "867779A4-A7A5-48AD-9AC0-C6476719A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7B7544-D60C-4B9A-BC29-B30AD86EC9B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D475EF5-DBB3-4B98-BB07-83A2632B5E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F797A209-65C0-4A20-9DA2-C5576C091DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B01BCFA-13B4-4AB3-9558-4B704F6DCFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D027E003-84C9-4290-A032-649C5E66B23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D9A13AC-B552-4E86-9E5D-62354D78E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5CDBCB-F314-453B-B837-B03B53215748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A92849F-05E0-47DB-AB43-8AC559568D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBDF9A3-CFB2-42B3-B125-93B8A36E0ED1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9991C0A7-EF7B-48AF-BB7B-B54A1F2AB99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F3203D4-354C-46B2-B68C-5B23CDD5146B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:8.5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E9AE476E-4245-4136-A713-4E725B53CD86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "234A9059-B0DE-4BEB-ADC4-76F906D86ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:9.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A53C163-AA20-4228-8BE4-58E22F742557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W."
},
{
"lang": "es",
"value": "IBM Notes y Domino 8.5.x anterior a 8.5.3 FP6 IF3 y 9.x anterior a 9.0.1 FP1 en plataformas de 32-bit de Linux utilizan opciones gcc incorrectas, lo que facilita a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el aprovechamiento de la ausencia del mecanismo de protecci\u00f3n NX y la colocaci\u00f3n de c\u00f3digo x86 manipulado en la pila, tambi\u00e9n conocido como SPR KLYH9GGS9W."
}
],
"id": "CVE-2014-0892",
"lastModified": "2024-11-21T02:02:59.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-23T19:55:05.173",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670264"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/350089"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/350089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91286"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-09-19 04:00
Modified
2024-11-20 23:34
Severity ?
Summary
The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 5.0.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A80A1E8B-43C8-449F-9B16-01F30D23E3D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information."
}
],
"id": "CVE-2000-1215",
"lastModified": "2024-11-20T23:34:16.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-09-19T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=100094373621813\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/5552251934afaa9585256c0000737a7f?OpenDocument\u0026Highlight=0%2CAWHN4A8QWM"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/984555"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=100094373621813\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/5552251934afaa9585256c0000737a7f?OpenDocument\u0026Highlight=0%2CAWHN4A8QWM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/984555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10685"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-09 11:03
Modified
2024-11-21 00:05
Severity ?
Summary
Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.0 | |
| ibm | lotus_domino | 6.5.1 | |
| ibm | lotus_domino | 6.5.2 | |
| ibm | lotus_domino | 6.5.3 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino_enterprise_server | 6.5.2 | |
| ibm | lotus_domino_enterprise_server | 6.5.4 | |
| ibm | lotus_notes | 6.5 | |
| ibm | lotus_notes | 6.5.1 | |
| ibm | lotus_notes | 6.5.2 | |
| ibm | lotus_notes | 6.5.3 | |
| ibm | lotus_notes | 6.5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0766C3F9-D2A2-4A58-9FF7-11B57232DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A95404CC-47B8-40C6-BCED-FC3E68CA8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F342FD1-7A60-4E7D-B56A-E1C3D560C728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp1:*:*:*:*:*",
"matchCriteriaId": "99E2CC18-4049-470A-B6DB-580C65FED0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp2:*:*:*:*:*",
"matchCriteriaId": "2396543F-1507-493C-B57F-3082D6E68894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40882B15-23A7-456C-B4DB-B1C7246BBC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3195CA-CB62-4AEF-AC8C-C985A372FD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D94927A9-61FD-459F-9A6D-E581A4AF505C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B32BA2-9EB7-4294-A857-226A5B1CC401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF64CA16-6C20-42E1-BA68-BD63A873BFA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "12D7DD7B-CA90-44A5-9B7B-4A4985150689",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas."
}
],
"id": "CVE-2006-0118",
"lastModified": "2024-11-21T00:05:41.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-09T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18328"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0081"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24206"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-06 21:30
Modified
2024-11-21 00:24
Severity ?
Summary
IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 7.0 | |
| ibm | lotus_domino | 7.0.1 | |
| ibm | lotus_domino | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A7AF44-125F-4760-8370-34B7B4CB8753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database."
},
{
"lang": "es",
"value": "IBM Lotus Domino 7.0.x versiones anteriores a 7.0.3 no revalida la firma en un agente planificado firmado despu\u00e9s de que el agente se modifique, lo cual permite a usuarios remotos autenticados obtener privilegios mediante un agente modificado en un servidor de base de datos."
}
],
"id": "CVE-2007-0068",
"lastModified": "2024-11-21T00:24:53.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-06T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35765"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25520"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21258784"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24322"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2063"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21258784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24322"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34718"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-22 17:55
Modified
2024-11-21 01:11
Severity ?
Summary
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UPB9N.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_quickr | 8.1 | |
| ibm | lotus_domino | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83B3B388-0438-4806-9F21-2170428739DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UPB9N."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en IBM Lotus Quickr 8.1 anteriores a 8.1.0.14 services para Lotus Domino, cuando la autenticaci\u00f3n nativa de Domino est\u00e1 activada, podr\u00eda permitir a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) poniendo el servidor fuera de l\u00ednea. Tambi\u00e9n conocido como SPR MLZG7UPB9N."
}
],
"id": "CVE-2009-5061",
"lastModified": "2024-11-21T01:11:05.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-22T17:55:01.190",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-01-09 18:30
Modified
2024-11-21 01:11
Severity ?
Summary
IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | domino_web_access | * | |
| ibm | lotus_inotes | * | |
| ibm | lotus_domino | 8.0.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:domino_web_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D53FB16-F441-48A4-A685-48257107EAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52A641CD-F146-4732-8C4A-8DF6C230EE8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the \"Try Lotus iNotes anyway\" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU."
},
{
"lang": "es",
"value": "IBM Lotus iNotes (tambi\u00e9n conocido como Domino Web Access o DWA) anterior a v229.241 para Domino v8.0.2 FP3 no maneja adecuadamente la navegaci\u00f3n del \"Try Lotus iNotes anyway\" enlace desde la p\u00e1gina que informa del uso de un navegador no soportado, tiene u impacto y vectores de ataque sin especificar, tambi\u00e9n conocido como SPR LSHR7TBMQU."
}
],
"id": "CVE-2010-0276",
"lastModified": "2024-11-21T01:11:53.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-01-09T18:30:01.947",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38026"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37675"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55473"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-09 11:03
Modified
2024-11-21 00:05
Severity ?
Summary
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the "Delete Attachment" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.0 | |
| ibm | lotus_domino | 6.5.1 | |
| ibm | lotus_domino | 6.5.2 | |
| ibm | lotus_domino | 6.5.3 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino_enterprise_server | 6.5.2 | |
| ibm | lotus_domino_enterprise_server | 6.5.4 | |
| ibm | lotus_notes | 6.5 | |
| ibm | lotus_notes | 6.5.1 | |
| ibm | lotus_notes | 6.5.2 | |
| ibm | lotus_notes | 6.5.3 | |
| ibm | lotus_notes | 6.5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0766C3F9-D2A2-4A58-9FF7-11B57232DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A95404CC-47B8-40C6-BCED-FC3E68CA8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F342FD1-7A60-4E7D-B56A-E1C3D560C728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp1:*:*:*:*:*",
"matchCriteriaId": "99E2CC18-4049-470A-B6DB-580C65FED0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp2:*:*:*:*:*",
"matchCriteriaId": "2396543F-1507-493C-B57F-3082D6E68894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40882B15-23A7-456C-B4DB-B1C7246BBC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino_enterprise_server:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3195CA-CB62-4AEF-AC8C-C985A372FD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1360A50E-C1E1-4690-874A-04CC7C1A77CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D94927A9-61FD-459F-9A6D-E581A4AF505C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D3B32BA2-9EB7-4294-A857-226A5B1CC401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF64CA16-6C20-42E1-BA68-BD63A873BFA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_notes:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "12D7DD7B-CA90-44A5-9B7B-4A4985150689",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an \"Out Of Office\" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the \"Delete Attachment\" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN)."
}
],
"id": "CVE-2006-0120",
"lastModified": "2024-11-21T00:05:41.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-09T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18328"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/258394eaa824f2c08525708a004209d3?OpenDocument"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument"
},
{
"source": "cve@mitre.org",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0081"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24212"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24213"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24214"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24215"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24216"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/258394eaa824f2c08525708a004209d3?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24217"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-10 02:46
Modified
2024-11-21 00:38
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | * | |
| ibm | lotus_domino | 7.0 | |
| ibm | lotus_domino | 7.0.2 | |
| ibm | lotus_domino | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:fp1:*:*:*:*:*",
"matchCriteriaId": "B7F0FE5A-912B-4F18-91CB-B6E3C360B9D6",
"versionEndIncluding": "6.5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp1:*:*:*:*:*",
"matchCriteriaId": "4A7F62D7-8225-4B84-A3CE-B91616B5AAD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la tarea del Servidor Web (HTTP) en el IBM Lotus Domino anterior al 6.5.6 FP2 y el 7.x anterior al 7.0.2 FP2, permite a atacantes remotos autenticados la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2007-5924",
"lastModified": "2024-11-21T00:38:57.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-10T02:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/jp/JVN%2384565055/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39720"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27509"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21263871"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27010980"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/jp/JVN%2384565055/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21263871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27010980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3700"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-02-08 22:00
Modified
2024-11-21 01:25
Severity ?
Summary
Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E1BDAF-D628-4797-AC6F-5D3D6422A218",
"versionEndIncluding": "8.5.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51C33E15-C92F-4F22-9593-EFFE9F033730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C91500D-E91E-4776-9F51-34E7EBB8F031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F5441972-4038-4845-9B35-EF35C0053EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3264F8E8-C40A-4C5C-BF2C-BD4690FE7EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9513C4-3F02-4C32-AD91-C4A5941A5A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E570AFE6-CEAF-4F6F-81D3-CFFAAA8D5109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6B527E-B1FE-41A3-A274-7BE2E893E6AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92B419CE-813B-42AA-9E06-2059F7DEE669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "197E7E1C-D545-46FB-890F-B92AB9DA2B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "986B8670-2341-474D-8477-47627DF1ED02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "908E6F9A-FCE7-48C2-A307-057536944313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*",
"matchCriteriaId": "400521B9-F617-44A5-AF59-3D8DAE78067A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "00D21AF1-5802-41DA-8812-43B251D55CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "78DCE051-78E2-4F35-9598-98C19110ECE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A80A1E8B-43C8-449F-9B16-01F30D23E3D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E9D813-6EDD-48A0-9A2D-E08207F25AB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F49E352F-35C5-4C9A-9B3D-C8C6FC128B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.9a:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2A846C-20EC-41A6-BF4C-8FB84C45CEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0761E0-E899-413E-97CF-23BDA9395B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8471D114-204C-4B44-B0BE-C86226D8A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9989FEB-3B5E-40FF-BDBF-CFC835BCF93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B2AFF7-3921-402A-AE7A-BB9E2E8AA0A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2974F32F-19F1-42E5-AB4C-59ACC6D07ED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BF6EB6-8A21-4FFD-A15F-797824D0F515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A0BACA-DD1E-44AB-BF02-1F0DB179FF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1320064-F0E9-42C8-8E1C-9037684FA693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "636FC0B6-8C7B-416E-9343-B6712C93D036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FD364F0-EE5B-4082-AD87-C9769F492E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2_cf2:*:*:*:*:*:*:*",
"matchCriteriaId": "64AB8494-6BC9-43CB-A645-43944B03D10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06DBE88F-F765-448E-88AF-3ED9FB98181A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE30DC2C-35E9-4E4E-A8FF-2A31CF28B6DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9EE627-6072-4359-981B-0168F7D44B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53D6F4E6-2C8A-40B6-9DB9-38E15D2AFEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0766C3F9-D2A2-4A58-9FF7-11B57232DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D139E5E3-F66C-4184-9C4F-B06391147130",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A95404CC-47B8-40C6-BCED-FC3E68CA8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B39B06CE-E38C-469B-8E24-87B26F3BEB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F342FD1-7A60-4E7D-B56A-E1C3D560C728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBB2FBE-9A0A-49C9-A281-4D053513016B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1B84127-574D-4C12-8823-787B1BBBAEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C7708DE5-A3C2-4024-B5AE-FC9DE963935F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C709D66D-3AE7-48B7-9E27-5D1FE452643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5AE863-C29F-4D32-8845-2D2426085071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A7AF44-125F-4760-8370-34B7B4CB8753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48E4A116-4FEF-4EAF-B4C4-F6096853F791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63DD600E-2405-4954-B4EC-218ED0CF2492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42C54057-4166-476B-A184-CD3F4844D0D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A0224534-201F-428A-A2D8-2C957BF57149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A946E7EE-769E-4676-AA7A-97CDD9168A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA31957-2452-4992-8DDA-7DDAAD09EC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B5F961-7652-4967-BEEF-22F09484CDD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23E14D9F-97E1-4DFA-994F-DF7F118BFFA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09BFA8E-8F0F-4517-9F6A-B1097902324F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE8510F6-D054-488E-99E9-A58272C47AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15DB2AF7-B494-4494-8686-33CB6A4C2CDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD6A3A3-6D6C-4EE0-B092-862DB03AC320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2A467B-72FA-4280-A397-BC9D86D5B012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F936FD55-AD59-47B3-8591-3F79B2ABB4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FDC12D-2B2F-4967-8863-95A0F5AC2F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E99A0A69-D443-469D-BDAB-F0250420C128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0059358-69C1-4F89-B4E6-B6BE22845D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF00AEE-9A3A-46E3-8B0F-2131E3235431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9861BE52-4945-4F36-B6EF-701DB789CA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6BFA82-5CA0-403F-98E6-342EF87AE366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "79CBA8AF-9C3D-4510-8D91-7C42931CD3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB694E3-96E1-4283-8DE3-91E930F76A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05403BDA-56C0-465B-9669-19794DC7A7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91D7FA80-1FD9-48F3-934A-FC7B3BAD4FD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en ndiiop.exe en la aplicaci\u00f3n DIIOP en el servidor de IBM Lotus Domino v8.5.3 y anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n getEnvironmentString de GIOP, relacionado con la cach\u00e9 de varible local."
}
],
"id": "CVE-2011-0913",
"lastModified": "2024-11-21T01:25:09.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-02-08T22:00:02.430",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43208"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-053/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21461514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-053/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-03 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 5.0 | |
| ibm | lotus_domino | 6.0 | |
| ibm | lotus_domino | 6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3264F8E8-C40A-4C5C-BF2C-BD4690FE7EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9989FEB-3B5E-40FF-BDBF-CFC835BCF93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53D6F4E6-2C8A-40B6-9DB9-38E15D2AFEEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lotus Domino R5 and R6 WebMail, with \"Generate HTML for all fields\" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696."
},
{
"lang": "es",
"value": "Lotus Domino R5 and R6 WebMail almacena datos en campos ocultos en \"names.nsf\" (con permisos de lectura universal), lo que permite que atacantes remotos otengan informaci\u00f3n confidencial mirando el c\u00f3digo HTML."
}
],
"id": "CVE-2005-2428",
"lastModified": "2024-11-20T23:59:32.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112240869130356\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16231/"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014584"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21212934"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/18462"
},
{
"source": "cve@mitre.org",
"url": "http://www.securiteam.com/securitynews/5FP0E15GLQ.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14389"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21556"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/39495/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112240869130356\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16231/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21212934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/18462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securiteam.com/securitynews/5FP0E15GLQ.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/39495/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-22 17:55
Modified
2024-11-21 00:58
Severity ?
Summary
IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_quickr | 8.1 | |
| ibm | lotus_domino | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_quickr:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "83B3B388-0438-4806-9F21-2170428739DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9179CA-5855-4F19-BAA6-D0A6DF468B9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8."
},
{
"lang": "es",
"value": "IBM Lotus Quickr v8.1 anteriores a v8.100.003, para Lotus Domino permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) haciendo clic en un enlace de descarga, tambi\u00e9n conocido como QCAO7E6AM8 SPR."
}
],
"id": "CVE-2008-7284",
"lastModified": "2024-11-21T00:58:44.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-03-22T17:55:01.097",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-21 14:22
Modified
2024-11-21 01:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 | |
| ibm | lotus_domino | 8.5.3.3 | |
| ibm | lotus_domino | 8.5.3.4 | |
| ibm | lotus_domino | 8.5.3.5 | |
| ibm | lotus_domino | 9.0.0.0 | |
| ibm | lotus_inotes | 8.5.3.0 | |
| ibm | lotus_inotes | 8.5.3.1 | |
| ibm | lotus_inotes | 8.5.3.2 | |
| ibm | lotus_inotes | 8.5.3.3 | |
| ibm | lotus_inotes | 8.5.3.4 | |
| ibm | lotus_inotes | 8.5.3.5 | |
| ibm | lotus_inotes | 9.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "350ACC22-669F-4429-A525-36F56EF9678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C068055-FB7A-4AFB-AF29-28238ECF126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACB4B2C-CCE1-4A0A-B962-B8C208869589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1A8676-B2CA-49FF-A43E-EAC62170BF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "71ADC0C5-36E9-426E-B302-56804B1800BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:8.5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "24863689-9472-4C56-B3A8-3053494437C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7025B610-6988-4A78-B0ED-6FB728AA6C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76D0D493-1BFD-4054-BDB0-F338BFAFDC5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F088F719-F4BE-4B49-B022-96D43664155B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F797B7-C3EA-4A12-8D69-217FBD4B9EB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AFCA4DA1-302C-42AD-9317-DC733A17696B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B102407C-3CCE-45A5-A3A2-9C24D5F4866A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:8.5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "577AA3FA-31BA-429C-8CE6-B3776F5CF857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_inotes:9.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9B79C2F-8633-47A2-ADB5-FEB0EEB10B90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP."
},
{
"lang": "es",
"value": "Vulnerabilidad cross-site scripting (XSS) en iNotes de IBM Domino 8.5.x anteriores a 8.5.3 FP6 y 9.0.x anteriores a 9.0.1, cuando el modo ultra-light est\u00e1 activado, permite a atacantes remotos inyectar script web o HTML a trav\u00e9s de contenido activo en un mensaje de email, tambien conocido como SPR TCLE98ZKRP."
}
],
"id": "CVE-2013-4065",
"lastModified": "2024-11-21T01:54:49.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-21T14:22:56.783",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86596"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-08 23:07
Modified
2024-11-21 00:20
Severity ?
Summary
Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | * | |
| ibm | lotus_domino | * | |
| ibm | lotus_domino | 6.0 | |
| ibm | lotus_domino | 6.0.1 | |
| ibm | lotus_domino | 6.0.2 | |
| ibm | lotus_domino | 6.0.2_cf2 | |
| ibm | lotus_domino | 6.0.3 | |
| ibm | lotus_domino | 6.0.4 | |
| ibm | lotus_domino | 6.0.5 | |
| ibm | lotus_domino | 6.5 | |
| ibm | lotus_domino | 6.5.1 | |
| ibm | lotus_domino | 6.5.2 | |
| ibm | lotus_domino | 6.5.3 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:fp1:*:*:*:*:*",
"matchCriteriaId": "788A2DC5-8DFC-47D8-AAB5-004A2AC2E047",
"versionEndIncluding": "6.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3463C8-5B27-4C08-B1F5-571423F8C739",
"versionEndIncluding": "7.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9989FEB-3B5E-40FF-BDBF-CFC835BCF93B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B2AFF7-3921-402A-AE7A-BB9E2E8AA0A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1320064-F0E9-42C8-8E1C-9037684FA693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.2_cf2:*:*:*:*:*:*:*",
"matchCriteriaId": "64AB8494-6BC9-43CB-A645-43944B03D10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06DBE88F-F765-448E-88AF-3ED9FB98181A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE30DC2C-35E9-4E4E-A8FF-2A31CF28B6DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9EE627-6072-4359-981B-0168F7D44B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53D6F4E6-2C8A-40B6-9DB9-38E15D2AFEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A95404CC-47B8-40C6-BCED-FC3E68CA8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F342FD1-7A60-4E7D-B56A-E1C3D560C728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp1:*:*:*:*:*",
"matchCriteriaId": "99E2CC18-4049-470A-B6DB-580C65FED0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp2:*:*:*:*:*",
"matchCriteriaId": "2396543F-1507-493C-B57F-3082D6E68894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C709D66D-3AE7-48B7-9E27-5D1FE452643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en el tunekrnl de IBM Lotus Domino 6.x en versiones anteriores a la 6.5.5 FP2 y 7.x en versiones anteriores a la 7.0.2 permite a usuarios locales obtener privilegios y ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores sin especificar.\r\n"
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nIBM, Lotus Domino, 6.5.5 FP2\r\nIBM, Lotus Domino, 7.0.2",
"id": "CVE-2006-5818",
"lastModified": "2024-11-21T00:20:40.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-08T23:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=440"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22724"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017198"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=475\u0026uid=swg21249173"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/20967"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4411"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=475\u0026uid=swg21249173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/20967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30151"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-28 21:19
Modified
2024-11-21 00:28
Severity ?
Summary
Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.5.0 | |
| ibm | lotus_domino | 6.5.1 | |
| ibm | lotus_domino | 6.5.2 | |
| ibm | lotus_domino | 6.5.3 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 6.5.5 | |
| ibm | lotus_domino | 7.0 | |
| ibm | lotus_domino | 7.0.1 | |
| ibm | lotus_domino | 7.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0766C3F9-D2A2-4A58-9FF7-11B57232DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B8057-26DF-4064-A934-0AA88A0C1A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFA5487-2D61-4E61-98A3-51882A8CE0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A95404CC-47B8-40C6-BCED-FC3E68CA8D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F342FD1-7A60-4E7D-B56A-E1C3D560C728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp1:*:*:*:*:*",
"matchCriteriaId": "99E2CC18-4049-470A-B6DB-580C65FED0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:fp2:*:*:*:*:*",
"matchCriteriaId": "2396543F-1507-493C-B57F-3082D6E68894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C709D66D-3AE7-48B7-9E27-5D1FE452643C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp1:*:*:*:*:*",
"matchCriteriaId": "7B0B5F96-0762-45D3-B13E-1E4ED04AD69D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp2:*:*:*:*:*",
"matchCriteriaId": "DB1EA406-6488-46C0-B857-0BFFAA65B258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDDB5FD-9152-4A9C-829B-8BA2ACB3A5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A7AF44-125F-4760-8370-34B7B4CB8753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "69495B18-39A4-443F-A724-F713C4DD14A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el mecanismo de autenticaci\u00f3n CRAM-MD5 del servidor IMAP (nimap.exe) de IBM Lotus Domino anterior a 6.5.6 y 7.x anterior a 7.0.2 FP1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio mediante un nombre de usuario largo."
}
],
"id": "CVE-2007-1675",
"lastModified": "2024-11-21T00:28:54.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-28T21:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24633"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257028"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23172"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/23173"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017823"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1133"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-011.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21257028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/23173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33276"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:05
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | lotus_domino | 6.0.5 | |
| ibm | lotus_domino | 6.5.4 | |
| ibm | lotus_domino | 6.5.4.1 | |
| ibm | lotus_domino | 6.5.4.2 | |
| ibm | lotus_domino | 6.5.4.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9EE627-6072-4359-981B-0168F7D44B7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F342FD1-7A60-4E7D-B56A-E1C3D560C728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBB2FBE-9A0A-49C9-A281-4D053513016B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1B84127-574D-4C12-8823-787B1BBBAEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:lotus_domino:6.5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C7708DE5-A3C2-4024-B5AE-FC9DE963935F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
],
"id": "CVE-2005-4819",
"lastModified": "2024-11-21T00:05:15.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21201845"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21217285"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=19614"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14901"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/alerts/2005/Sep/1014946.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=0\u0026uid=swg21201845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-1.ibm.com/support/docview.wss?rs=463\u0026uid=swg21217285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=19614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/alerts/2005/Sep/1014946.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22358"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}