CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
93.2%
Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | domino_web_access | 6.5 | cpe:2.3:a:ibm:domino_web_access:6.5:*:*:*:*:*:*:* |
ibm | domino_web_access | 7.0 | cpe:2.3:a:ibm:domino_web_access:7.0:*:*:*:*:*:*:* |
ibm | domino_web_access | 7.0.1 | cpe:2.3:a:ibm:domino_web_access:7.0.1:*:*:*:*:*:*:* |
ibm | domino_web_access | 7.0.2 | cpe:2.3:a:ibm:domino_web_access:7.0.2:*:*:*:*:*:*:* |
ibm | domino_web_access | 7.0.3 | cpe:2.3:a:ibm:domino_web_access:7.0.3:*:*:*:*:*:*:* |
ibm | domino_web_access | 8.0 | cpe:2.3:a:ibm:domino_web_access:8.0:*:*:*:*:*:*:* |
ibm | domino_web_access | 8.0.2 | cpe:2.3:a:ibm:domino_web_access:8.0.2:*:*:*:*:*:*:* |
ibm | lotus_inotes | * | cpe:2.3:a:ibm:lotus_inotes:*:*:*:*:*:*:*:* |
ibm | lotus_inotes | 229.011 | cpe:2.3:a:ibm:lotus_inotes:229.011:*:*:*:*:*:*:* |
ibm | lotus_inotes | 229.021 | cpe:2.3:a:ibm:lotus_inotes:229.021:*:*:*:*:*:*:* |
labs.idefense.com/intelligence/vulnerabilities/display.php?id=857
secunia.com/advisories/38681
secunia.com/advisories/38744
secunia.com/advisories/38755
securitytracker.com/id?1023662
www-01.ibm.com/support/docview.wss?uid=swg21421808
www-01.ibm.com/support/docview.wss?uid=swg27018109
www.osvdb.org/62612
www.securityfocus.com/bid/38457
www.securityfocus.com/bid/38459
www.vupen.com/english/advisories/2010/0495
www.vupen.com/english/advisories/2010/0496
exchange.xforce.ibmcloud.com/vulnerabilities/56555