Access Control Bypass in Lotus Domino Servers by IBM
CVE-2002-0037
Currently unrated
Summary
IBM Lotus Domino Server versions 5.x, 4.6x, and 4.5x contain a vulnerability that allows unauthorized users to bypass the Reader and Author access controls set on document objects. The bypass works by misusing the Notes API call NSFDbReadObject, which permits direct access to document objects and can expose sensitive data to unauthorized parties. Organizations using these versions should assess their security measures and consider applying the necessary updates to mitigate this exposure.