| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.5 | $0-$5k | 0.00 |
A vulnerability, which was classified as very critical, has been found in IBM Domino Web Access up to 229.240 (Groupware Software). Affected by this issue is an unknown code of the component Domino Web Access. The manipulation with an unknown input leads to a remote code execution vulnerability. Impacted is confidentiality, integrity, and availability. CVE summarizes:
IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU.
The weakness was disclosed 01/09/2010 (Website). The advisory is available at securityfocus.com. This vulnerability is handled as CVE-2010-0276 since 01/09/2010. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 12/17/2017). It is expected to see the exploit prices for this product increasing in the near future.
It is declared as proof-of-concept.
Upgrading to version 229.241 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at X-Force (55473). The entries 4075 and 51481 are pretty similar.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.8VulDB Meta Temp Score: 8.5
VulDB Base Score: 9.8
VulDB Temp Score: 8.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Remote Code ExecutionCWE: Unknown
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Domino Web Access 229.241
Timeline
01/07/2010 🔍01/09/2010 🔍
01/09/2010 🔍
01/09/2010 🔍
03/18/2015 🔍
12/17/2017 🔍
Sources
Vendor: ibm.comAdvisory: securityfocus.com⛔
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2010-0276 (🔍)
X-Force: 55473 - IBM Lotus Domino Web Access Try Lotus iNotes anyway unspecified
SecurityFocus: 37675 - IBM Lotus Domino Web Access Multiple Unspecified Security Vulnerabilities
Secunia: 38026
Vupen: ADV-2010-0077
See also: 🔍
Entry
Created: 03/18/2015 15:15Updated: 12/17/2017 10:01
Changes: 03/18/2015 15:15 (53), 12/17/2017 10:01 (6)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.