CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
27.7%
IBM Lotus Notes sets insecure default permissions on the Notes directory. This vulnerability may allow a local attacker to gain unintended access to Lotus Notes program data.
IBM Lotus Notes installs numerous program files and program data in a special directory known as the Notes directory. According to IBM Technote #21246773:
_By default, beginning with Notes 6.5.4 and affecting 6.5.5, 7.0 and 7.0.1, “Full Control” access (read/write/execute) to the Notes program and data directory is granted to the Windows group “Everyone”. _
A local attacker may be able to gain unintended access to Lotus Notes program data.
Upgrade to unaffected versions of Lotus Notes
Lotus Notes versions 6.5.6 and 7.0.2 are reportedly not affected by this issue.
Workarounds to mitigate this vulnerability can be found in IBM Technote #21246773.
383092
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: October 20, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21246773
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23383092 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This issue was reported by Carsten Eiram of Secunia Research.
This document was written by Jeff Gennari.
CVE IDs: | CVE-2005-2454 |
---|---|
Severity Metric: | 1.39 Date Public: |