IBM Lotus Notes Web Application XSS Vulnerability (Linux) Network Vulnerability

Summary

This host is installed with IBM Lotus Notes and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: System/Application

Solution

Upgrade to IBM Lotus Notes 8.5.3 FP3 or later, For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg21619604

Insight

An error exists within the Web applications which allows an attacker to read or set the cookie value by injecting script.

Affected

IBM Lotus Notes Version 8.x before 8.5.3 FP3 on Linux

References

http://secunia.com/advisories/51593
http://securitytracker.com/id?1027887
http://www-01.ibm.com/support/docview.wss?uid=swg21619604
http://www.osvdb.org/88429
http://xforce.iss.net/xforce/xfdb/79535

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4846

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
Asterisk SIP REGISTER Response Username Enumeration Vulnerability
Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)
Adobe Reader Privelege Escalation Vulnerability - Jul07 (Mac OS X)
Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)

Take action and discover your vulnerabilities