Описание
The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:lotus_expeditor:6.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_expeditor:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_expeditor:6.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_expeditor:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_expeditor:6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_expeditor:6.2.3:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00201
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers.
EPSS
Процентиль: 42%
0.00201
Низкий
5 Medium
CVSS2
Дефекты
CWE-264