Lucene search

[email protected]NVD:CVE-2011-1520

HistoryMar 25, 2011 - 7:55 p.m.

CVE-2011-1520

2011-03-2519:55:02

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

20.6%

JSON

The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command.

Affected configurations

Nvd

Node

ibmlotus_domino

VendorProductVersionCPE
ibmlotus_domino*cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_domino	*	cpe:2.3:a:ibm:lotus_domino::::::::

References

publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html

securityreason.com/securityalert/8164

www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument

www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password

www.securityfocus.com/archive/1/517119/100/0/threaded

www.zerodayinitiative.com/advisories/ZDI-11-110

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

20.6%

JSON

Related for NVD:CVE-2011-1520

prion1 cvelist1 cve1 openvas1