Summary
Detail | | | |
---|---|---|---|
Vendor | IBM | First view | 2010-12-16 |
Product | Lotus Notes Traveler | Last view | 2013-01-10 |
Version | 8.0.1.3 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:ibm:lotus_notes_traveler | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
9.3 | 2013-01-10 | CVE-2012-4823 | Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoder defineClass() method." |
9.3 | 2013-01-10 | CVE-2012-4822 | Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class." |
9.3 | 2013-01-10 | CVE-2012-4821 | Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or (2) java.lang.reflect.AccessibleObject setAccessible() methods. |
9.3 | 2013-01-10 | CVE-2012-4820 | Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method." |
2.6 | 2012-10-08 | CVE-2012-5307 | Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825. |
4.3 | 2012-10-08 | CVE-2012-4825 | Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action. |
5 | 2010-12-16 | CVE-2010-4553 | An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 does not properly handle MIME types, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. |
5 | 2010-12-16 | CVE-2010-4552 | Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages for iPhone clients. |
4 | 2010-12-16 | CVE-2010-4551 | IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation. |
5 | 2010-12-16 | CVE-2010-4550 | IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document. |
4 | 2010-12-16 | CVE-2010-4549 | IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation. |
2.1 | 2010-12-16 | CVE-2010-4548 | IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client. |
3.5 | 2010-12-16 | CVE-2010-4547 | IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain. |
4 | 2010-12-16 | CVE-2010-4546 | IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request. |
4 | 2010-12-16 | CVE-2010-4545 | IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data. |
4.3 | 2010-12-16 | CVE-2010-4544 | Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
4 | 2010-12-16 | CVE-2009-5036 | traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation. |
4.3 | 2010-12-16 | CVE-2009-5035 | The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages. |
4 | 2010-12-16 | CVE-2009-5034 | IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated users to cause a denial of service (memory consumption and daemon crash) by syncing a large volume of data, related to the launch of a new process to handle the data while the previous process is still operating on the data. |
4 | 2010-12-16 | CVE-2009-5033 | IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "* *" argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data via a sync operation, related to storage of the data of multiple users within the same thread. |
5.8 | 2010-12-16 | CVE-2009-5032 | The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
20% (3) | CWE-399 | Resource Management Errors |
20% (3) | CWE-264 | Permissions, Privileges, and Access Controls |
20% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
20% (3) | CWE-20 | Improper Input Validation |
13% (2) | CWE-200 | Information Exposure |
6% (1) | CWE-310 | Cryptographic Issues |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
69925 | IBM Lotus Notes Traveler Unspecified Domino API MIME Type Handling Remote DoS |
69924 | IBM Lotus Notes Traveler iPhone Client Email Message Multiple Embedded Object... |
69923 | IBM Lotus Notes Traveler Person Document Missing Internet ID Field NULL Deref... |
69922 | IBM Lotus Notes Traveler Malformed Document Sync Failure Remote DoS |
69921 | IBM Lotus Notes Traveler on Nokia s60 Prohibited Application Replace Data Ope... |
69920 | IBM Lotus Notes Traveler iNotes / iPhone Client Meeting Invitation DoS |
69919 | IBM Lotus Notes Traveler Mobile User Policy Document Cross-domain Credentials... |
69918 | IBM Lotus Notes Traveler Prevent Copy Attachment Download Request Access Rest... |
69882 | IBM Lotus Notes Traveler Large Data Volume Sync Remote DoS (2010-4545) |
69881 | IBM Lotus Notes Traveler Servlet Unspecified XSS |
69880 | IBM Lotus Notes Traveler traveler.exe Sync Operation Malformed Invitation Doc... |
69879 | IBM Lotus Notes Traveler Nokia Client Sync Operation Outgoing Email Appended ... |
69878 | IBM Lotus Notes Traveler Large Data Volume Sync Remote DoS (2009-5034) |
69877 | IBM Lotus Notes Traveler tell Command Sync Operation User Data Remote Disclosure |
69876 | IBM Lotus Notes Traveler Encrypted Email Feature Missing Notes ID File Unencr... |
Snort® IPS/IDS
Date | Description |
---|---|
2018-02-06 | IBM Java invokeWithPrivilege method call attempt RuleID : 45351 - Type : FILE-JAVA - Revision : 2 |
2018-02-06 | IBM Java invokeWithClassLoaders method call attempt RuleID : 45350 - Type : FILE-JAVA - Revision : 2 |
2018-02-06 | IBM Java invokeWithPrivilege method call attempt RuleID : 45349 - Type : FILE-JAVA - Revision : 2 |
2018-02-06 | IBM Java invokeWithClassLoaders method call attempt RuleID : 45348 - Type : FILE-JAVA - Revision : 2 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2013-1455.nasl - Type: ACT_GATHER_INFO |
2014-11-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2013-1456.nasl - Type: ACT_GATHER_INFO |
2013-01-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-1485.nasl - Type: ACT_GATHER_INFO |
2012-12-17 | Name: The remote host has software installed that is affected by multiple vulnerabi... File: lotus_notes_8_5_3_fp3.nasl - Type: ACT_GATHER_INFO |
2012-11-16 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-1465.nasl - Type: ACT_GATHER_INFO |
2012-11-16 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-1466.nasl - Type: ACT_GATHER_INFO |
2012-11-16 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-1467.nasl - Type: ACT_GATHER_INFO |