Lucene search

MitreCVE-2007-5701

HistoryOct 29, 2007 - 9:46 p.m.

CVE-2007-5701

2007-10-2921:46:00

CWE-200

CWE-310

mitre

web.nvd.nist.gov

cve-2007-5701

ibm

lotus domino

vulnerability

password disclosure

local users

nvd

security

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.6

Confidence

Low

EPSS

0.001

Percentile

31.4%

JSON

Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a “ca activate” or “ca unlock” command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.

Affected configurations

Nvd

Node

ibmlotus_dominoMatch6.5.5

ibmlotus_dominoMatch6.5.5fp1

ibmlotus_dominoMatch6.5.5fp2

ibmlotus_dominoMatch6.5.5fp3

ibmlotus_dominoMatch6.5.6

ibmlotus_dominoMatch6.5.6fp1

ibmlotus_dominoMatch7.0

ibmlotus_dominoMatch7.0.2

ibmlotus_dominoMatch7.0.2fp1

ibmlotus_dominoMatch7.0.2fp2

VendorProductVersionCPE
ibmlotus_domino6.5.5cpe:2.3:a:ibm:lotus_domino:6.5.5:*:*:*:*:*:*:*
ibmlotus_domino6.5.5cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp1:*:*:*:*:*
ibmlotus_domino6.5.5cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp2:*:*:*:*:*
ibmlotus_domino6.5.5cpe:2.3:a:ibm:lotus_domino:6.5.5:*:fp3:*:*:*:*:*
ibmlotus_domino6.5.6cpe:2.3:a:ibm:lotus_domino:6.5.6:*:*:*:*:*:*:*
ibmlotus_domino6.5.6cpe:2.3:a:ibm:lotus_domino:6.5.6:*:fp1:*:*:*:*:*
ibmlotus_domino7.0cpe:2.3:a:ibm:lotus_domino:7.0:*:*:*:*:*:*:*
ibmlotus_domino7.0.2cpe:2.3:a:ibm:lotus_domino:7.0.2:*:*:*:*:*:*:*
ibmlotus_domino7.0.2cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp1:*:*:*:*:*
ibmlotus_domino7.0.2cpe:2.3:a:ibm:lotus_domino:7.0.2:*:fp2:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_domino	6.5.5	cpe:2.3:a:ibm:lotus_domino:6.5.5:::::::*
ibm	lotus_domino	6.5.5	cpe:2.3:a:ibm:lotus_domino:6.5.5::fp1:::::
ibm	lotus_domino	6.5.5	cpe:2.3:a:ibm:lotus_domino:6.5.5::fp2:::::
ibm	lotus_domino	6.5.5	cpe:2.3:a:ibm:lotus_domino:6.5.5::fp3:::::
ibm	lotus_domino	6.5.6	cpe:2.3:a:ibm:lotus_domino:6.5.6:::::::*
ibm	lotus_domino	6.5.6	cpe:2.3:a:ibm:lotus_domino:6.5.6::fp1:::::
ibm	lotus_domino	7.0	cpe:2.3:a:ibm:lotus_domino:7.0:::::::*
ibm	lotus_domino	7.0.2	cpe:2.3:a:ibm:lotus_domino:7.0.2:::::::*
ibm	lotus_domino	7.0.2	cpe:2.3:a:ibm:lotus_domino:7.0.2::fp1:::::
ibm	lotus_domino	7.0.2	cpe:2.3:a:ibm:lotus_domino:7.0.2::fp2:::::

References

osvdb.org/40952

secunia.com/advisories/27321

www-1.ibm.com/support/docview.wss?uid=swg21261095

www.securityfocus.com/bid/26176

www.vupen.com/english/advisories/2007/3598

exchange.xforce.ibmcloud.com/vulnerabilities/37372

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.6

Confidence

Low

EPSS

0.001

Percentile

31.4%

JSON

Related for CVE-2007-5701