Lotus Notes Traveler@8.5.0.1 Security Vulnerabilities and Issues — Lotus Notes Traveler@8.5.0.1 CVE List

Lucene search

IbmLotus Notes Traveler8.5.0.1

18 matches found

CVE•added 2013/01/11 12:55 a.m.•110 views

CVE-2012-4820

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Ti...

9.3CVSS4.5AI score0.09366EPSS

CVE•added 2013/01/11 12:55 a.m.•86 views

CVE-2012-4821

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics Syst...

9.3CVSS5.5AI score0.05992EPSS

CVE•added 2013/01/11 12:55 a.m.•86 views

CVE-2012-4823

9.3CVSS5.2AI score0.13162EPSS

CVE•added 2013/01/11 12:55 a.m.•82 views

CVE-2012-4822

9.3CVSS5.3AI score0.10236EPSS

CVE•added 2012/10/08 10:47 a.m.•44 views

CVE-2012-5307

Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.

2.6CVSS5.5AI score0.00236EPSS

CVE•added 2010/12/16 8:0 p.m.•41 views

CVE-2010-4545

IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data.

4CVSS6.3AI score0.00406EPSS

CVE•added 2010/12/16 8:0 p.m.•40 views

CVE-2010-4550

IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document.

5CVSS6.6AI score0.00645EPSS

CVE•added 2010/12/16 8:0 p.m.•38 views

CVE-2010-4544

Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00256EPSS

CVE•added 2010/12/16 8:0 p.m.•38 views

CVE-2010-4551

IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation.

4CVSS5.9AI score0.00406EPSS

CVE•added 2010/12/16 8:0 p.m.•38 views

CVE-2010-4552

Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages for iPhone clients.

5CVSS6.8AI score0.00645EPSS

CVE•added 2012/10/08 10:47 a.m.•38 views

CVE-2012-4825

Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action.

4.3CVSS5.6AI score0.00236EPSS

CVE•added 2010/12/16 8:0 p.m.•37 views

CVE-2010-4549

IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation.

4CVSS6.2AI score0.00137EPSS

CVE•added 2010/12/16 8:0 p.m.•35 views

CVE-2010-4546

IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request.

4CVSS6.3AI score0.00137EPSS

CVE•added 2010/12/16 8:0 p.m.•32 views

CVE-2010-4553

An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 does not properly handle MIME types, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

5CVSS6.6AI score0.00645EPSS

CVE•added 2010/12/16 8:0 p.m.•31 views

CVE-2010-4547

IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from...

3.5CVSS6.3AI score0.00137EPSS

CVE•added 2010/12/16 8:0 p.m.•31 views

CVE-2010-4548

IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client.

2.1CVSS6.2AI score0.00406EPSS

CVE•added 2012/10/08 10:47 a.m.•30 views

CVE-2012-5309

servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

6.8CVSS6.7AI score0.0055EPSS

CVE•added 2012/10/08 10:47 a.m.•27 views

CVE-2012-5308

Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action.

6.8CVSS7.2AI score0.00106EPSS