Detections
Analytics

IBM Lotus Protector for Mail Security Multiple Vulnerabilities

high Nessus Plugin ID 74121

Language:

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

A version of IBM Lotus Protector for Mail Security is installed on the remote host that is affected by multiple vulnerabilities :

 - An unspecified cross-site scripting vulnerability exists in the Admin Web UI.
 (CVE-2014-0884)

 - An unspecified cross-site request forgery vulnerability exists in the Admin Web UI. (CVE-2014-0885)

 - An unspecified arbitrary command execution vulnerability exists in the Admin Web UI.
 (CVE-2014-0886)

 - An unspecified arbitrary command execution vulnerability exists in the Admin Web UI that potentially allows an attacker to execute arbitrary commands with root privileges. (CVE-2014-0887)

Solution

Install the latest system packages per the advisory.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21668124

http://www.nessus.org/u?a1b0598a

Plugin Details

Severity: High

ID: 74121

File Name: ibm_lotus_notes_protector_ms_swg21668124.nasl

Version: 1.4

Type: local

Agent: unix

Published: 5/21/2014

Updated: 7/12/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:ibm:lotus_protector_for_mail_security

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/24/2014

Vulnerability Publication Date: 3/24/2014

Reference Information

CVE: CVE-2014-0884, CVE-2014-0885, CVE-2014-0886, CVE-2014-0887

BID: 66410, 66405, 66402, 66404

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990