File Download Bypass Vulnerability in IBM Lotus Notes Traveler
CVE-2010-4546

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Notes Traveler
Vendor: CVE Published:; 16 December 2010

Summary

IBM Lotus Notes Traveler versions before 8.5.1.2 are susceptible to an access control bypass vulnerability. The software fails to reject attachment download requests from emails that have a 'Prevent Copy' attribute set, allowing remote authenticated users to circumvent intended access restrictions. This flaw could potentially lead to unauthorized access to sensitive information contained in email attachments. Organizations using affected versions should apply available patches promptly to safeguard their data.

References

http://www-10.lotus.com/ldd/dominowiki.nsf/page.xsp?docum...

x_refsource_CONFIRM

http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes...

x_refsource_CONFIRM

http://www-1.ibm.com/support/docview.wss?uid=swg1LO49840

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 16, 2010