CVE-2010-0275

Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/38026	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27017776	Vendor Advisory
http://www.securityfocus.com/bid/37675
http://www.vupen.com/english/advisories/2010/0077	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/55471

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:lotus_inotes::::::::
	cpe:2.3:a:ibm:lotus_inotes:229.011:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.021:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.031:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.041:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.051:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.061:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.101:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.111:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.131:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.141:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.151:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.161:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.171:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.181:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.191:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.201:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.211:::::::*
	cpe:2.3:a:ibm:lotus_inotes:229.221:::::::*

cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-01-09 18:30

Updated : 2024-02-28 11:41

NVD link : CVE-2010-0275

Mitre link : CVE-2010-0275

CVE.ORG link : CVE-2010-0275

JSON object : View

Products Affected

ibm

lotus_domino
lotus_inotes

CWE

NVD-CWE-noinfo

{"id": "CVE-2010-0275", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-01-09T18:30:01.900", "references": [{"url": "http://secunia.com/advisories/38026", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27017776", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/37675", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0077", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55471", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58."}, {"lang": "es", "value": "Modo Ultra-light en IBM Lotus iNotes (tambi\u00e9n conocido como Domino Web Access o DWA) anterior a v229.241 para Domino v8.0.2 FP3 no maneja adecuadamente secuencias de comando en la URL status-alerts, tiene un impacto y vectores de ataque sin especificar, tambi\u00e9n conocido como SPR LSHR7TBM58."}], "lastModified": "2017-08-17T01:31:56.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_inotes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B327550-1809-4982-A927-48D3392B7A22", "versionEndIncluding": "229.231"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62AF2DA6-98E4-4921-B36C-AA5771B3629E"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.021:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CC0B87F-B742-466D-BF93-56BFECAC2E54"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.031:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "708BEAEF-B186-470D-8148-9C0703B42765"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.041:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83C58751-33AE-4A3F-A096-AB13FC8A64A2"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.051:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01E2E70E-3C00-4AA2-AF8D-349E82806FA3"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.061:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3508BE09-6B84-4819-BC0F-7E23964FE29D"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.101:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A17FFE5-97F5-45D0-8C54-3C22BF1FFA72"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.111:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE8C8052-8980-4265-929B-E27B6A914B4F"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.131:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D6C0F89-47E6-4895-909D-6AF8DBFE2477"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.141:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "590EBAF8-04A9-4DAD-9FCF-B1B38FF03374"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.151:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "717F7305-98E1-403D-B08A-6FE1FD83D2C0"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.161:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C4B46DA-B4E6-4AB0-AD85-7C77EFE14063"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.171:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1862CF3-0BF2-4F1B-80A9-0B5B02005A1C"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.181:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CC9488A-F368-498E-8CDE-2ADC6AED470B"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.191:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2F8C056-91A2-410B-942A-E108B93AD1E7"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.201:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCD1A2BB-F7FC-4FE1-B633-F0AF79E0F5FB"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.211:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "805C7074-679E-4F11-A055-8C52B4E26F5F"}, {"criteria": "cpe:2.3:a:ibm:lotus_inotes:229.221:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "840A1975-0C5B-44F0-9F2E-1BBE02AA0484"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_domino:8.0.2.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D419EFAE-E03F-4F4A-8C18-06BE61EBBF5D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}