CVE-2007-5544
7.8
CVSS Score
High
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Link copied!
Description
IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.
CVSS Vector Details
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Software Configurations
- a ibm lotus_domino * * * * * * * *
- a ibm lotus_domino 6.5.5 - * * * * * *
- a ibm lotus_domino 7.0.2 - * * * * * *
- a ibm lotus_notes * * * * * * * *
Weaknesses (CWE)
- CWE-732
References & External Links
- http://secunia.com/advisories/27321
- http://www-1.ibm.com/support/docview.wss?uid=swg21257030
- http://www.securityfocus.com/bid/26146
- http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt
- http://www.vupen.com/english/advisories/2007/3598
- http://secunia.com/advisories/27321
- http://www-1.ibm.com/support/docview.wss?uid=swg21257030
- http://www.securityfocus.com/bid/26146
- http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-013.txt
- http://www.vupen.com/english/advisories/2007/3598
External Resources
CVE History Timeline
Oct 30, 2007 19:40
Initial Analysis
Feb 15, 2024 21:33
Modified Analysis
May 14, 2024 01:48
CVE Modified
Nov 21, 2024 00:38
CVE Modified