Access Control Misconfiguration in IBM Lotus Expeditor Web Container
CVE-2012-0191

Currently unrated

Key Information:

Vendor: IBM
Status: Lotus Expeditor
Vendor: CVE Published:; 22 June 2012

Summary

The web container in IBM Lotus Expeditor 6.1.x and 6.2.x prior to the 6.2 FP5+Security Pack is vulnerable to an access control bypass. This vulnerability allows remote attackers to spoof requests originating from localhost by manipulating HTTP headers, potentially leading to unauthorized access or actions being performed within the application. It is essential for users of the affected versions to apply the necessary updates to safeguard against this exploit.

References

http://www.ibm.com/support/docview.wss?uid=swg21575642

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/72156

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 22, 2012
Vulnerability Reserved
Dec 14, 2011