Cross-site Request Forgery in IBM Lotus iNotes by IBM
CVE-2010-0921
Currently unrated
Summary
A cross-site request forgery (CSRF) vulnerability exists in IBM Lotus iNotes, also known as Domino Web Access (DWA), in versions before 229.281 for Domino 8.0.2 FP4. The flaw allows remote attackers to hijack sessions and manipulate user actions without the user's consent. It arises from insufficient checks of the Referer header and a lack of appropriate filtering for CSRF requests, which lets an attacker perform unauthorized actions on behalf of victims.