Lucene search

MitreCVE-2010-1487

HistoryApr 20, 2010 - 3:30 p.m.

CVE-2010-1487

2010-04-2015:30:00

CWE-255

mitre

web.nvd.nist.gov

ibm

lotus notes

security

vulnerability

credentials

cleartext

surunas.exe

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

Percentile

5.1%

JSON

IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.

Affected configurations

Nvd

Node

ibmlotus_notesMatch7.0

ibmlotus_notesMatch8.0

ibmlotus_notesMatch8.5

VendorProductVersionCPE
ibmlotus_notes7.0cpe:2.3:a:ibm:lotus_notes:7.0:*:*:*:*:*:*:*
ibmlotus_notes8.0cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
ibmlotus_notes8.5cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_notes	7.0	cpe:2.3:a:ibm:lotus_notes:7.0:::::::*
ibm	lotus_notes	8.0	cpe:2.3:a:ibm:lotus_notes:8.0:::::::*
ibm	lotus_notes	8.5	cpe:2.3:a:ibm:lotus_notes:8.5:::::::*

References

secunia.com/advisories/39507

www-01.ibm.com/support/docview.wss?uid=swg21427073

www.securityfocus.com/bid/39525

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14725

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2010-1487