CVE-2006-5835

Sažetak

The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.

Reference

http://secunia.com/advisories/22741
http://securitytracker.com/id?1017203
http://www.fortconsult.net/images/pdf/lotusnotes_keyfiles.pdf
http://www.securityfocus.com/bid/20960
http://www.vupen.com/english/advisories/2006/4411
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21248026
https://exchange.xforce.ibmcloud.com/vulnerabilities/30118

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

20-07-2017 - 01:34

Objavljeno

10-11-2006 - 01:07