Описание
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header.
Уязвимые конфигурации
Конфигурация 1Версия до 6.1.3 (включая)
Одно из
cpe:2.3:a:ibm:lotus_mobile_connect:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_mobile_connect:6.1.2:*:*:*:*:*:*:*
EPSS
Процентиль: 35%
0.00142
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header.
EPSS
Процентиль: 35%
0.00142
Низкий
5 Medium
CVSS2
Дефекты
CWE-264