CVE-2011-1032

IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.ibm.com/support/docview.wss?uid=swg21462435
http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565
http://secunia.com/advisories/43298	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0382
http://osvdb.org/70931

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:ibm:lotus_connections:3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*

Information

Published : 2011-02-14 17:00

Updated : 2011-02-28 23:08

NVD link : CVE-2011-1032

Mitre link : CVE-2011-1032

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

ibm

lotus_connections
websphere_application_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ibm.com/support/docview.wss?uid=swg21462435", "name": "http://www.ibm.com/support/docview.wss?uid=swg21462435", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565", "name": "PK54565", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://secunia.com/advisories/43298", "name": "43298", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2011/0382", "name": "ADV-2011-0382", "tags": [], "refsource": "VUPEN"}, {"url": "http://osvdb.org/70931", "name": "70931", "tags": [], "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-1032", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-02-15T01:00Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:lotus_connections:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-01T07:08Z"}

6.8 /10