IBM Lotus Notes Web Application XSS Vulnerability (Mac OS X) Network Vulnerability

Summary

This host is installed with IBM Lotus Notes and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: System/Application

Solution

Upgrade to IBM Lotus Notes 8.5.3 FP3 For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg21619604

Insight

An error exists within the Web applications which allows an attacker to read or set the cookie value by injecting script.

Affected

IBM Lotus Notes Version 8.x before 8.5.3 FP3 on Mac OS X

References

http://secunia.com/advisories/51593
http://securitytracker.com/id?1027887
http://www-01.ibm.com/support/docview.wss?uid=swg21619604
http://www.osvdb.org/88429
http://xforce.iss.net/xforce/xfdb/79535

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4846

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Tomcat AJP Request Remote Denial Of Service Vulnerability
Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Mac OS X)
Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Win)
Apple Safari 'setInterval()' Address Bar Spoofing Vulnerability (Win)
Adobe Reader Plugin Signature Bypass Vulnerability (Mac OS X)

Take action and discover your vulnerabilities