IBM Domino ZMerge Database Security Bypass
High Nessus Plugin ID 86322
Synopsis: A remote database can be accessed without credentials.
Description: The version of IBM Domino (formerly IBM Lotus Domino) running on the remote host is affected by a security bypass vulnerability due to insufficient access control list (ACL) settings on the administration databases for ZMerge. An unauthenticated, remote attacker can exploit this issue to disclose configuration information about the IBM Domino server installation or possibly to gain manager-level access.
Solution: Verify all of the ACLs for the available databases.