Lucene search

[email protected]CVE-2005-2454

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-2454

2005-12-3105:00:00

CWE-264

[email protected]

web.nvd.nist.gov

ibm

lotus notes

cve-2005-2454

insecure default permissions

local users

privileges

6.5 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

15.6%

JSON

IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the “Notes” folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.

CPENameOperatorVersion
ibm:lotus_notesibm lotus noteseq7.0.0
ibm:lotus_notesibm lotus noteseq6.5.4
ibm:lotus_notesibm lotus noteseq7.0.1
ibm:lotus_notesibm lotus noteseq6.5.5

CPE	Name	Operator	Version
ibm:lotus_notes	ibm lotus notes	eq	7.0.0
ibm:lotus_notes	ibm lotus notes	eq	6.5.4
ibm:lotus_notes	ibm lotus notes	eq	7.0.1
ibm:lotus_notes	ibm lotus notes	eq	6.5.5

References

secunia.com/advisories/19537

secunia.com/advisories/27342

secunia.com/secunia_research/2005-29/advisory/

securitytracker.com/id?1017086

www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773

www.kb.cert.org/vuls/id/383092

www.osvdb.org/29761

www.securityfocus.com/archive/1/449126/100/0/threaded

www.securityfocus.com/bid/20612

www.vupen.com/english/advisories/2006/4093

exchange.xforce.ibmcloud.com/vulnerabilities/29660

6.5 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

15.6%

JSON

Related for CVE-2005-2454

securityvulns2 cert1