CVE-2012-5309
medium
CVSS v3
—
CVSS v2
6.8
VIR risk
6.8
Description
servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | lotus_notes_traveler | 8.5.0.0 | |
| ibm | lotus_notes_traveler | 8.5.0.1 | |
| ibm | lotus_notes_traveler | 8.5.0.2 | |
| ibm | lotus_notes_traveler | 8.5.1.1 | |
| ibm | lotus_notes_traveler | 8.5.1.2 | |
| ibm | lotus_notes_traveler | 8.5.1.3 | |
| ibm | lotus_notes_traveler | 8.5.2.1 | |
| ibm | lotus_notes_traveler | 8.5.3 | |
| ibm | lotus_notes_traveler | 8.5.3.1 | |
| ibm | lotus_notes_traveler | 8.5.3.2 | |
| ibm | lotus_notes_traveler | 8.5.3.3 | |
References
CWEs
CWE-287
Verify integrity in audit chain (admin only). AS-IS.