HTTP Access Services Vulnerability in IBM Lotus Mobile Connect
CVE-2010-4595

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Mobile Connect
Vendor: CVE Published:; 22 December 2010

What is CVE-2010-4595?

The Connection Manager in IBM Lotus Mobile Connect, prior to version 6.1.4, lacks proper enforcement of blacklisting functionality for HTTP Access Services. This vulnerability enables remote attackers to exploit a flaw that allows them to bypass intended access restrictions by sending HTTP requests containing forbidden User-Agent headers. This weakness can lead to unauthorized actions and data exposure, posing significant security risks for affected users.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ86207

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg27020327

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 22, 2010