Script Command Handling Flaw in IBM Lotus iNotes by IBM
CVE-2010-0275

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Inotes
Vendor: CVE Published:; 9 January 2010

Summary

IBM Lotus iNotes, also known as Domino Web Access, is susceptible to a flaw in the Ultra-light Mode feature. This vulnerability arises from the failure to correctly process script commands embedded in the status-alerts URL. As a result, malicious actors could exploit this issue to potentially execute harmful scripts, although the exact impact and attack vectors remain unspecified. Users are advised to ensure they are using an updated version of the software to mitigate risk.

References

http://secunia.com/advisories/38026

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2010/0077

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/55471

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 9, 2010
Vulnerability Reserved
Jan 9, 2010