Lucene search

MitreCVE-2007-5700

HistoryOct 29, 2007 - 9:46 p.m.

CVE-2007-5700

2007-10-2921:46:00

mitre

web.nvd.nist.gov

cve-2007-5700

ibm lotus domino

evaluate lotusscript

security context

remote authenticated users

privileges

sensitive information

nvd

CVSS2

6.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:C/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

65.3%

JSON

The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information.

Affected configurations

Nvd

Node

ibmlotus_dominoMatch6.5.5

ibmlotus_dominoMatch6.5.5fp1

ibmlotus_dominoMatch6.5.5fp2

ibmlotus_dominoMatch6.5.5fp3

ibmlotus_dominoMatch6.5.6

ibmlotus_dominoMatch6.5.6fp1

ibmlotus_dominoMatch7.0

ibmlotus_dominoMatch7.0.2

ibmlotus_dominoMatch7.0.2fp1

ibmlotus_dominoMatch7.0.2fp2

VendorProductVersionCPE
ibmlotus_domino6.5.5cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*
ibmlotus_domino6.5.5cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp1:*:*:*:*:*
ibmlotus_domino6.5.5cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp2:*:*:*:*:*
ibmlotus_domino6.5.5cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp3:*:*:*:*:*
ibmlotus_domino6.5.6cpe:2.3:a:ibm:lotus_domino:6.5.6:*:*:*:*:*:*:*
ibmlotus_domino6.5.6cpe:2.3:a:ibm:lotus_domino:6.5.6:*:fp1:*:*:*:*:*
ibmlotus_domino7.0cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*
ibmlotus_domino7.0.2cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*
ibmlotus_domino7.0.2cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp1:*:*:*:*:*
ibmlotus_domino7.0.2cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp2:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_domino	6.5.5	cpe:2.3:a:ibm:lotus_domino:6.5.5:::::::*
ibm	lotus_domino	6.5.5	cpe:2.3:a:ibm:lotus_domino:6.5.5::fp1:::::
ibm	lotus_domino	6.5.5	cpe:2.3:a:ibm:lotus_domino:6.5.5::fp2:::::
ibm	lotus_domino	6.5.5	cpe:2.3:a:ibm:lotus_domino:6.5.5::fp3:::::
ibm	lotus_domino	6.5.6	cpe:2.3:a:ibm:lotus_domino:6.5.6:::::::*
ibm	lotus_domino	6.5.6	cpe:2.3:a:ibm:lotus_domino:6.5.6::fp1:::::
ibm	lotus_domino	7.0	cpe:2.3:a:ibm:lotus_domino:7.0:::::::*
ibm	lotus_domino	7.0.2	cpe:2.3:a:ibm:lotus_domino:7.0.2:::::::*
ibm	lotus_domino	7.0.2	cpe:2.3:a:ibm:lotus_domino:7.0.2::fp1:::::
ibm	lotus_domino	7.0.2	cpe:2.3:a:ibm:lotus_domino:7.0.2::fp2:::::

References

osvdb.org/40951

secunia.com/advisories/27321

www-1.ibm.com/support/docview.wss?uid=swg21273266

www.securityfocus.com/bid/26176

www.vupen.com/english/advisories/2007/3598

exchange.xforce.ibmcloud.com/vulnerabilities/37369

CVSS2

6.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:C/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

65.3%

JSON

Related for CVE-2007-5700