Lucene search

IbmCVE-2013-0536

HistoryJun 21, 2013 - 5:55 p.m.

CVE-2013-0536

2013-06-2117:55:01

CWE-264

ibm

web.nvd.nist.gov

ntmulti.exe

ibm notes

cve-2013-0536

security vulnerability

privilege escalation

code execution

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24.

Affected configurations

Nvd

Node

ibmlotus_inotesMatch8.5.2.0

ibmlotus_inotesMatch8.5.3.0

ibmlotus_notesMatch8.0

ibmlotus_notesMatch8.0.1

ibmlotus_notesMatch8.0.2

ibmlotus_notesMatch8.5

ibmlotus_notesMatch8.5.1

ibmlotus_notes_travelerMatch9.0

VendorProductVersionCPE
ibmlotus_inotes8.5.2.0cpe:2.3:a:ibm:lotus_inotes:8.5.2.0:*:*:*:*:*:*:*
ibmlotus_inotes8.5.3.0cpe:2.3:a:ibm:lotus_inotes:8.5.3.0:*:*:*:*:*:*:*
ibmlotus_notes8.0cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*
ibmlotus_notes8.0.1cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*
ibmlotus_notes8.0.2cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*
ibmlotus_notes8.5cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*
ibmlotus_notes8.5.1cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*
ibmlotus_notes_traveler9.0cpe:2.3:a:ibm:lotus_notes_traveler:9.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	lotus_inotes	8.5.2.0	cpe:2.3:a:ibm:lotus_inotes:8.5.2.0:::::::*
ibm	lotus_inotes	8.5.3.0	cpe:2.3:a:ibm:lotus_inotes:8.5.3.0:::::::*
ibm	lotus_notes	8.0	cpe:2.3:a:ibm:lotus_notes:8.0:::::::*
ibm	lotus_notes	8.0.1	cpe:2.3:a:ibm:lotus_notes:8.0.1:::::::*
ibm	lotus_notes	8.0.2	cpe:2.3:a:ibm:lotus_notes:8.0.2:::::::*
ibm	lotus_notes	8.5	cpe:2.3:a:ibm:lotus_notes:8.5:::::::*
ibm	lotus_notes	8.5.1	cpe:2.3:a:ibm:lotus_notes:8.5.1:::::::*
ibm	lotus_notes_traveler	9.0	cpe:2.3:a:ibm:lotus_notes_traveler:9.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21633827

exchange.xforce.ibmcloud.com/vulnerabilities/82658

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-0536