CVE-2007-5544

Опубликовано: 29 окт. 2007

Источник: nvd

CVSS3: 7.8

CVSS2: 6.2

EPSS Низкий

Описание

IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.

Ссылки

http://secunia.com/advisories/27321
Broken Link
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21257030
Broken Link
Patch
http://www.securityfocus.com/bid/26146
Broken Link
Third Party Advisory
VDB Entry
http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt
Not Applicable
http://www.vupen.com/english/advisories/2007/3598
Permissions Required
http://secunia.com/advisories/27321
Broken Link
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21257030
Broken Link
Patch
http://www.securityfocus.com/bid/26146
Broken Link
Third Party Advisory
VDB Entry
http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt
Not Applicable
http://www.vupen.com/english/advisories/2007/3598
Permissions Required

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*

Версия до 6.5.5 (исключая)

cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:*

Версия от 7.0 (включая) до 7.0.2 (исключая)

cpe:2.3:a:ibm:lotus_domino:6.5.5:-:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_domino:7.0.2:-:*:*:*:*:*:*

cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*

Версия до 6.5.5 (включая)

cpe:2.3:a:ibm:lotus_notes:*:*:*:*:*:*:*:*

Версия от 7.0.0 (включая) до 7.0.3 (исключая)

EPSS

Процентиль: 25%

0.00089

Низкий

7.8 High

CVSS3

6.2 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-6vh8-fx25-294x