This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ibm First view 2010-12-16
Product Lotus Notes Traveler Last view 2013-01-10
Version 8.5.1.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:ibm:lotus_notes_traveler

Activity : Overall

Related : CVE

  Date Alert Description
9.3 2013-01-10 CVE-2012-4823

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoder defineClass() method."

9.3 2013-01-10 CVE-2012-4822

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class."

9.3 2013-01-10 CVE-2012-4821

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods.

9.3 2013-01-10 CVE-2012-4820

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."

6.8 2012-10-08 CVE-2012-5309

servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

6.8 2012-10-08 CVE-2012-5308

Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action.

2.6 2012-10-08 CVE-2012-5307

Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.

4.3 2012-10-08 CVE-2012-4825

Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action.

5 2010-12-16 CVE-2010-4550

IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document.

4 2010-12-16 CVE-2010-4549

IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation.

3.5 2010-12-16 CVE-2010-4547

IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain.

4.3 2010-12-16 CVE-2010-4544

Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE : Common Weakness Enumeration

%idName
37% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
25% (2) CWE-264 Permissions, Privileges, and Access Controls
12% (1) CWE-352 Cross-Site Request Forgery (CSRF)
12% (1) CWE-287 Improper Authentication
12% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
69922 IBM Lotus Notes Traveler Malformed Document Sync Failure Remote DoS
69921 IBM Lotus Notes Traveler on Nokia s60 Prohibited Application Replace Data Ope...
69919 IBM Lotus Notes Traveler Mobile User Policy Document Cross-domain Credentials...
69881 IBM Lotus Notes Traveler Servlet Unspecified XSS

Snort® IPS/IDS

Date Description
2018-02-06 IBM Java invokeWithPrivilege method call attempt
RuleID : 45351 - Type : FILE-JAVA - Revision : 2
2018-02-06 IBM Java invokeWithClassLoaders method call attempt
RuleID : 45350 - Type : FILE-JAVA - Revision : 2
2018-02-06 IBM Java invokeWithPrivilege method call attempt
RuleID : 45349 - Type : FILE-JAVA - Revision : 2
2018-02-06 IBM Java invokeWithClassLoaders method call attempt
RuleID : 45348 - Type : FILE-JAVA - Revision : 2

Nessus® Vulnerability Scanner

id Description
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1455.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1456.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-1485.nasl - Type: ACT_GATHER_INFO
2012-12-17 Name: The remote host has software installed that is affected by multiple vulnerabi...
File: lotus_notes_8_5_3_fp3.nasl - Type: ACT_GATHER_INFO
2012-11-16 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-1465.nasl - Type: ACT_GATHER_INFO
2012-11-16 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-1466.nasl - Type: ACT_GATHER_INFO
2012-11-16 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-1467.nasl - Type: ACT_GATHER_INFO