Lucene search

MitreCVE-2011-1520

HistoryMar 25, 2011 - 7:55 p.m.

CVE-2011-1520

2011-03-2519:55:02

CWE-287

mitre

web.nvd.nist.gov

"cve-2011-1520

ibm lotus domino

server console

unauthorized access

default configuration

nvd"

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

20.6%

JSON

The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command.

Affected configurations

Nvd

Node

ibmlotus_domino

VendorProductVersionCPE
ibmlotus_domino*cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_domino	*	cpe:2.3:a:ibm:lotus_domino::::::::

References

publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html

securityreason.com/securityalert/8164

www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument

www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password

www.securityfocus.com/archive/1/517119/100/0/threaded

www.zerodayinitiative.com/advisories/ZDI-11-110

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

20.6%

JSON

Related for CVE-2011-1520