PT-2002-1135 · Ibm · Lotus Domino Server

Published

2002-04-12

Updated

2008-09-05

CVE-2002-0037

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Lotus Domino Servers versions 4.5x through 5.x

Description The issue allows attackers to bypass the intended Reader and Author access list for a document's object. This is achieved via a Notes API call, specifically the NSFDbReadObject function, which directly accesses the object, thus circumventing access controls.

Recommendations For Lotus Domino Servers versions 4.5x through 5.x, consider restricting access to the NSFDbReadObject function until a patch is available. Additionally, review and enforce the intended Reader and Author access lists for all documents to minimize potential exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0037

Affected Products

Lotus Domino Server

PT-2002-1135 · Ibm · Lotus Domino Server

CVE-2002-0037

Related Identifiers

Affected Products

References · 5