IBM Lotus Notes Traveler Vulnerability in Data Sync Operations
CVE-2009-5033

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes Traveler
Vendor: CVE Published:; 16 December 2010

Summary

IBM Lotus Notes Traveler versions prior to 8.5.0.2 exhibit a flaw in handling specific command arguments, enabling remote authenticated users to exploit this weakness. By leveraging the incorrect processing of a particular tell command, attackers can gain unauthorized access to sensitive data belonging to other users through synchronization operations. This vulnerability arises from inadequate isolation of user data in shared threads, resulting in potential data exposure and privacy violations.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/64742

vdb-entryx_refsource_XF

http://www-1.ibm.com/support/docview.wss?uid=swg1LO41040

vendor-advisoryx_refsource_AIXAPAR

http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?docum...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 16, 2010
Vulnerability Reserved
Dec 16, 2010