PT-2002-1135 · Ibm · Lotus Domino Server

Publicado

2002-04-12

Atualizado

2008-09-05

CVE-2002-0037

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Lotus Domino Servers versions 4.5x through 5.x

Description The issue allows attackers to bypass the intended Reader and Author access list for a document's object. This is achieved via a Notes API call, specifically the NSFDbReadObject function, which directly accesses the object, thus circumventing access controls.

Recommendations For Lotus Domino Servers versions 4.5x through 5.x, consider restricting access to the NSFDbReadObject function until a patch is available. Additionally, review and enforce the intended Reader and Author access lists for all documents to minimize potential exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-0037

Produtos afetados

Lotus Domino Server

PT-2002-1135 · Ibm · Lotus Domino Server

CVE-2002-0037

Identificadores relacionados

Produtos afetados

Referências · 5