CVE-2007-4309

2007-08-1321:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

ibm

lotus notes

security

cve-2007-4309

administration

password management

6.1 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

55.3%

JSON

IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696.

CPENameOperatorVersion
ibm:lotus_notesibm lotus noteseq5.0
ibm:lotus_notesibm lotus noteseq6.0
ibm:lotus_notesibm lotus noteseq7.0
ibm:lotus_notesibm lotus noteseq7.0.1
ibm:lotus_notesibm lotus noteseq7.0.2

CPE	Name	Operator	Version
ibm:lotus_notes	ibm lotus notes	eq	5.0
ibm:lotus_notes	ibm lotus notes	eq	6.0
ibm:lotus_notes	ibm lotus notes	eq	7.0
ibm:lotus_notes	ibm lotus notes	eq	7.0.1
ibm:lotus_notes	ibm lotus notes	eq	7.0.2