Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0191

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-0191
Last Modified 22 Jun 2012 12:00:00
Published 22 Jun 2012 06:24:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0191

Summary

The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers.

Vulnerable Systems

Application

  • Ibm Lotus Expeditor 6.1

  • Ibm Lotus Expeditor 6.1.1

  • Ibm Lotus Expeditor 6.2

  • Ibm Lotus Expeditor 6.2.1

  • Ibm Lotus Expeditor 6.2.2

  • Ibm Lotus Expeditor 6.2.3


References

XF - lotusexpeditor-acm-security-bypass(72156)

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21575642


Last Updated: 27 May 2016 10:56:34