The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN.
CVSS Vector
AV:N/AC:M/Au:S/C:C/I:C/A:CIBM Lotus Domino
APPIbm8.5.08.5.0.18.5.18.5.1.18.5.1.28.5.1.38.5.1.48.5.1.58.5.2.08.5.2.18.5.2.28.5.2.38.5.2.48.5.3.08.5.3.1+ 1 więcej
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
Related vulnerabilities
CVE-2014-3086HIGH7.5ten sam produkt
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service...
CVE-2014-0822HIGH7.8ten sam produkt
The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to...
CVE-2013-4068HIGH7.1ten sam produkt
Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated us...
CVE-2013-3027HIGH9.3ten sam produkt
Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers t...
CVE-2012-4821HIGH9.3ten sam produkt
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and ea...