Summary
The host is running IBM Lotus Domino, which is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject arbitrary web script, hijack temporary credentials by leveraging knowledge of configuration details, and cause a denial of service condition.
Impact Level: Application
Solution
Upgrade to IBM Lotus Domino version 8.5.3 FP3 or later.
For more information, refer to:
http://www-01.ibm.com/support/docview.wss?uid=swg21627597
Insight
The flaws are in:
- The webadmin.nsf file in the Web Administrator client component, which does not verify user inputs properly.
- The Java Console in IBM Domino, which can be compromised to disclose time-limited authentication credentials.
- The HTTP server in IBM Domino, which has a memory leak.
Affected
IBM Lotus Domino 8.5.3 before FP3.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
Severity
Classification
- CVE: CVE-2013-0486, CVE-2013-0487, CVE-2013-0488
- CVSS Base Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)