Design/Logic Flaw

2010-01-0918:30:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.6%

JSON

Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58.

CPENameOperatorVersion
lotus_inotesle229.231
lotus_inoteseq229.011
lotus_inoteseq229.021
lotus_inoteseq229.031
lotus_inoteseq229.041
lotus_inoteseq229.051
lotus_inoteseq229.061
lotus_inoteseq229.101
lotus_inoteseq229.111
lotus_inoteseq229.131

Name	Operator	Version
lotus_inotes	le	229.231
lotus_inotes	eq	229.011
lotus_inotes	eq	229.021
lotus_inotes	eq	229.031
lotus_inotes	eq	229.041
lotus_inotes	eq	229.051
lotus_inotes	eq	229.061
lotus_inotes	eq	229.101
lotus_inotes	eq	229.111
lotus_inotes	eq	229.131

Rows per page:

1-10 of 191

References

secunia.com/advisories/38026

www-01.ibm.com/support/docview.wss?uid=swg27017776

www.securityfocus.com/bid/37675

www.vupen.com/english/advisories/2010/0077

exchange.xforce.ibmcloud.com/vulnerabilities/55471