4.4
CVE-2010-4591
- EPSS 0.28%
- Veröffentlicht 22.12.2010 21:00:19
- Zuletzt bearbeitet 16.06.2026 23:25:08
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Lotus Mobile Connect Version <= 6.1.3
Ibm ≫ Lotus Mobile Connect Version6.1.1
Ibm ≫ Lotus Mobile Connect Version6.1.1.1
Ibm ≫ Lotus Mobile Connect Version6.1.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.195 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://www-01.ibm.com/support/docview.wss?uid=swg27020327
http://secunia.com/advisories/42703
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ74393