Privilege Escalation in IBM Content Collector Outlook Extension
CVE-2014-4757

Currently unrated

Key Information:

Vendor: IBM
Status: Content Collector
Vendor: CVE Published:; 12 August 2014

Summary

The Outlook Extension in IBM Content Collector versions before 4.0.0.0-ICC-OE-IF004 is susceptible to a vulnerability that enables local users to bypass the Reviewer privilege requirement. This weakness allows unauthorized individuals to access and read emails from any mailbox by utilizing the Search functionality within the application. Exploiting this vulnerability can lead to unauthorized information disclosure, posing significant risks to data confidentiality.

References

http://secunia.com/advisories/60619

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/94456

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21679144

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 12, 2014
Vulnerability Reserved
Jul 9, 2014