HTTP Access Services Vulnerability in IBM Lotus Mobile Connect
CVE-2010-4595
Currently unrated
Summary
The Connection Manager in IBM Lotus Mobile Connect, prior to version 6.1.4, does not properly enforce the blacklisting functionality for HTTP Access Services. Remote attackers can bypass the intended access restrictions by sending HTTP requests that contain forbidden User-Agent headers. This weakness can lead to unauthorized actions and data exposure, a significant security risk for affected users.
Timeline
Vulnerability Reserved
Vulnerability published