Lucene search

MitreCVE-2004-1621

HistoryFeb 20, 2005 - 5:00 a.m.

CVE-2004-1621

2005-02-2005:00:00

mitre

web.nvd.nist.gov

cve-2004-1621

xss

ibm

lotus notes

domino

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.009

Percentile

83.0%

JSON

NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature

Affected configurations

Nvd

Node

ibmlotus_dominoMatch6.0

ibmlotus_dominoMatch6.0.1

ibmlotus_dominoMatch6.0.2

ibmlotus_dominoMatch6.0.2_cf2

ibmlotus_dominoMatch6.0.3

ibmlotus_dominoMatch6.5.0

ibmlotus_dominoMatch6.5.1

ibmlotus_dominoMatch6.5.2

VendorProductVersionCPE
ibmlotus_domino6.0cpe:2.3:a:ibm:lotus_domino:6.0:*:*:*:*:*:*:*
ibmlotus_domino6.0.1cpe:2.3:a:ibm:lotus_domino:6.0.1:*:*:*:*:*:*:*
ibmlotus_domino6.0.2cpe:2.3:a:ibm:lotus_domino:6.0.2:*:*:*:*:*:*:*
ibmlotus_domino6.0.2_cf2cpe:2.3:a:ibm:lotus_domino:6.0.2_cf2:*:*:*:*:*:*:*
ibmlotus_domino6.0.3cpe:2.3:a:ibm:lotus_domino:6.0.3:*:*:*:*:*:*:*
ibmlotus_domino6.5.0cpe:2.3:a:ibm:lotus_domino:6.5.0:*:*:*:*:*:*:*
ibmlotus_domino6.5.1cpe:2.3:a:ibm:lotus_domino:6.5.1:*:*:*:*:*:*:*
ibmlotus_domino6.5.2cpe:2.3:a:ibm:lotus_domino:6.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_domino	6.0	cpe:2.3:a:ibm:lotus_domino:6.0:::::::*
ibm	lotus_domino	6.0.1	cpe:2.3:a:ibm:lotus_domino:6.0.1:::::::*
ibm	lotus_domino	6.0.2	cpe:2.3:a:ibm:lotus_domino:6.0.2:::::::*
ibm	lotus_domino	6.0.2_cf2	cpe:2.3:a:ibm:lotus_domino:6.0.2_cf2:::::::*
ibm	lotus_domino	6.0.3	cpe:2.3:a:ibm:lotus_domino:6.0.3:::::::*
ibm	lotus_domino	6.5.0	cpe:2.3:a:ibm:lotus_domino:6.5.0:::::::*
ibm	lotus_domino	6.5.1	cpe:2.3:a:ibm:lotus_domino:6.5.1:::::::*
ibm	lotus_domino	6.5.2	cpe:2.3:a:ibm:lotus_domino:6.5.2:::::::*

References

marc.info/?l=bugtraq&m=109812960023736&w=2

marc.info/?l=bugtraq&m=109841682529328&w=2

secunia.com/advisories/12891

securitytracker.com/id?1011779

www-1.ibm.com/support/docview.wss?rs=463&uid=swg21187833

www.kb.cert.org/vuls/id/404382

www.securityfocus.com/bid/11458

exchange.xforce.ibmcloud.com/vulnerabilities/17758

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.1

Confidence

High

EPSS

0.009

Percentile

83.0%

JSON

Related for CVE-2004-1621