Lucene search

MitreCVE-2006-5835

HistoryNov 10, 2006 - 1:07 a.m.

CVE-2006-5835

2006-11-1001:07:00

mitre

web.nvd.nist.gov

ibm

lotus notes

domino

nrpc

protocol

vulnerability

authentication

user id file

cve-2006-5835

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

9.4

Confidence

High

EPSS

0.006

Percentile

79.4%

JSON

The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.

Affected configurations

Nvd

Node

ibmlotus_notesMatch5.0.3

ibmlotus_notesMatch5.0.12

ibmlotus_notesMatch6.0

ibmlotus_notesMatch6.0.1

ibmlotus_notesMatch6.0.2

ibmlotus_notesMatch6.0.3

ibmlotus_notesMatch6.0.4

ibmlotus_notesMatch6.0.5

ibmlotus_notesMatch6.5

ibmlotus_notesMatch6.5.1

ibmlotus_notesMatch6.5.2

ibmlotus_notesMatch6.5.3

ibmlotus_notesMatch6.5.4

ibmlotus_notesMatch6.5.5

ibmlotus_notesMatch7.0

ibmlotus_notesMatch7.0.1

VendorProductVersionCPE
ibmlotus_notes5.0.3cpe:2.3:a:ibm:lotus_notes:5.0.3:*:*:*:*:*:*:*
ibmlotus_notes5.0.12cpe:2.3:a:ibm:lotus_notes:5.0.12:*:*:*:*:*:*:*
ibmlotus_notes6.0cpe:2.3:a:ibm:lotus_notes:6.0:*:*:*:*:*:*:*
ibmlotus_notes6.0.1cpe:2.3:a:ibm:lotus_notes:6.0.1:*:*:*:*:*:*:*
ibmlotus_notes6.0.2cpe:2.3:a:ibm:lotus_notes:6.0.2:*:*:*:*:*:*:*
ibmlotus_notes6.0.3cpe:2.3:a:ibm:lotus_notes:6.0.3:*:*:*:*:*:*:*
ibmlotus_notes6.0.4cpe:2.3:a:ibm:lotus_notes:6.0.4:*:*:*:*:*:*:*
ibmlotus_notes6.0.5cpe:2.3:a:ibm:lotus_notes:6.0.5:*:*:*:*:*:*:*
ibmlotus_notes6.5cpe:2.3:a:ibm:lotus_notes:6.5:*:*:*:*:*:*:*
ibmlotus_notes6.5.1cpe:2.3:a:ibm:lotus_notes:6.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_notes	5.0.3	cpe:2.3:a:ibm:lotus_notes:5.0.3:::::::*
ibm	lotus_notes	5.0.12	cpe:2.3:a:ibm:lotus_notes:5.0.12:::::::*
ibm	lotus_notes	6.0	cpe:2.3:a:ibm:lotus_notes:6.0:::::::*
ibm	lotus_notes	6.0.1	cpe:2.3:a:ibm:lotus_notes:6.0.1:::::::*
ibm	lotus_notes	6.0.2	cpe:2.3:a:ibm:lotus_notes:6.0.2:::::::*
ibm	lotus_notes	6.0.3	cpe:2.3:a:ibm:lotus_notes:6.0.3:::::::*
ibm	lotus_notes	6.0.4	cpe:2.3:a:ibm:lotus_notes:6.0.4:::::::*
ibm	lotus_notes	6.0.5	cpe:2.3:a:ibm:lotus_notes:6.0.5:::::::*
ibm	lotus_notes	6.5	cpe:2.3:a:ibm:lotus_notes:6.5:::::::*
ibm	lotus_notes	6.5.1	cpe:2.3:a:ibm:lotus_notes:6.5.1:::::::*

Rows per page:

1-10 of 161

References

secunia.com/advisories/22741

securitytracker.com/id?1017203

www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026

www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf

www.securityfocus.com/bid/20960

www.vupen.com/english/advisories/2006/4411

exchange.xforce.ibmcloud.com/vulnerabilities/30118

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

9.4

Confidence

High

EPSS

0.006

Percentile

79.4%

JSON

Related for CVE-2006-5835