CVE-2013-0487

HIGH

Description

The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21627597

https://exchange.xforce.ibmcloud.com/vulnerabilities/81852

Details

Source: MITRE

Published: 2013-03-27

Updated: 2017-08-29

Type: CWE-287

Risk Information

CVSS v2.0

Base Score: 8.5

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 6.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ibm:lotus_domino:8.5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:8.5.3.2:*:*:*:*:*:*:*

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
67192IBM Lotus Domino 8.5.x < 8.5.3 FP 4 Multiple VulnerabilitiesNessusWeb Servers
high