Detections
Analytics
IBM Domino Web Administrator Multiple Vulnerabilities
medium Nessus Plugin ID 71177
Language:
Synopsis
The remote web server is affected by multiple vulnerabilities.Description
The remote IBM Domino web server includes IBM Domino Web Administrator (webadmin.nsf) and is affected by multiple vulnerabilities :- An authenticated user can exploit an unspecified cross- site request forgery (CSRF) vulnerability by enticing a user to follow a specially crafted URL.
(CVE-2013-4050)
- An unspecified cross-site scripting vulnerability exists that can be exploited by an authenticated user.
(CVE-2013-4051)
- An unspecified cross-site scripting vulnerability exists that can be exploited by an authenticated user.
(CVE-2013-4055)
Note that only versions 8.5.x and 9.0.x of IBM Domino are affected by these issues.
Further note that Nessus has not tested for the vulnerabilities directly but has instead checked to see if the Domino Web Administrator (webadmin.nsf) is accessible.
Solution
Domino Web Administrator has been deprecated. Refer to the vendor- supplied URL for remediation recommendations.See Also
Plugin Details
Severity: Medium
ID: 71177
File Name: domino_http_webadmin_mult_vulns.nasl
Version: 1.10
Type: remote
Family: CGI abuses
Published: 12/3/2013
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6
Temporal Score: 5.4
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:ibm:lotus_domino
Required KB Items: www/domino
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Vulnerability Publication Date: 11/5/2013