CVE-2013-0522

LOW

Description

The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes. IBM X-Force ID: 82531.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/82531

https://www-01.ibm.com/support/docview.wss?uid=swg21634508

Details

Source: MITRE

Published: 2018-07-16

Updated: 2018-09-17

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

CVSS v3.0

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ibm:lotus_notes:8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:8.5.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:9.0:*:*:*:*:*:*:*

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
66722IBM Notes Single Sign On Password DisclosureNessusWindows
low