Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1948


Vulnerability Score 4.0 4.0
CVE Id CVE-2006-1948
Last Modified 05 Sep 2008 05:03:16
Published 20 Apr 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE



The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient.

Vulnerable Systems


  • Ibm Lotus Notes 6.0

  • Ibm Lotus Notes 6.5



SECTRACK - 1015914

Last Updated: 27 May 2016 10:42:16