Lotus Notes Traveler@8.5.3 Security Vulnerabilities and Issues — Lotus Notes Traveler@8.5.3 CVE List

Lucene search

IbmLotus Notes Traveler8.5.3

9 matches found

CVE•added 2013/01/11 12:55 a.m.•110 views

CVE-2012-4820

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Ti...

9.3CVSS4.5AI score0.09366EPSS

CVE•added 2013/01/11 12:55 a.m.•86 views

CVE-2012-4821

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics Syst...

9.3CVSS5.5AI score0.05992EPSS

CVE•added 2013/01/11 12:55 a.m.•86 views

CVE-2012-4823

9.3CVSS5.2AI score0.13162EPSS

CVE•added 2013/01/11 12:55 a.m.•82 views

CVE-2012-4822

9.3CVSS5.3AI score0.10236EPSS

CVE•added 2012/10/08 10:47 a.m.•44 views

CVE-2012-4824

Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter.

5.8CVSS6.5AI score0.00201EPSS

CVE•added 2012/10/08 10:47 a.m.•44 views

CVE-2012-5307

Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.

2.6CVSS5.5AI score0.00236EPSS

CVE•added 2012/10/08 10:47 a.m.•38 views

CVE-2012-4825

Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action.

4.3CVSS5.6AI score0.00236EPSS

CVE•added 2012/10/08 10:47 a.m.•30 views

CVE-2012-5309

servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

6.8CVSS6.7AI score0.0055EPSS

CVE•added 2012/10/08 10:47 a.m.•27 views

CVE-2012-5308

Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action.

6.8CVSS7.2AI score0.00106EPSS