CVE-2013-0487
high
CVSS v3
—
CVSS v2
8.5
VIR risk
8.5
Description
The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21627597
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | lotus_domino | 8.5.0 | |
| ibm | lotus_domino | 8.5.0.1 | |
| ibm | lotus_domino | 8.5.1 | |
| ibm | lotus_domino | 8.5.1.1 | |
| ibm | lotus_domino | 8.5.1.2 | |
| ibm | lotus_domino | 8.5.1.3 | |
| ibm | lotus_domino | 8.5.1.4 | |
| ibm | lotus_domino | 8.5.1.5 | |
| ibm | lotus_domino | 8.5.2.0 | |
| ibm | lotus_domino | 8.5.2.1 | |
| ibm | lotus_domino | 8.5.2.2 | |
| ibm | lotus_domino | 8.5.2.3 | |
| ibm | lotus_domino | 8.5.2.4 | |
| ibm | lotus_domino | 8.5.3.0 | |
| ibm | lotus_domino | 8.5.3.1 | |
| ibm | lotus_domino | 8.5.3.2 | |
References
CWEs
CWE-287
Verify integrity in audit chain (admin only). AS-IS.