IBM Domino ZMerge Database Security Bypass

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

A remote database can be accessed without credentials.

Description :

The version of IBM Domino (formerly IBM Lotus Domino) running on the
remote host is affected by a security bypass vulnerability due to
insufficient access control list (ACL) settings on the administration
databases for ZMerge. An unauthenticated, remote attacker can exploit
this issue to disclose configuration information about the IBM Domino
server installation or possibly to gain manager-level access.

See also :

http://www.nessus.org/u?f759935a
http://seclists.org/bugtraq/2002/Sep/51

Solution :

Verify all of the ACLs for the available databases.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.5
(CVSS2#E:ND/RL:ND/RC:C)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 86322

Bugtraq ID: 5101

CVE ID: CVE-2002-0664
