6.8

CVE-2012-5309

Exploit

servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

Data is provided by the National Vulnerability Database (NVD)
IbmLotus Notes Traveler Version8.5.0.0
IbmLotus Notes Traveler Version8.5.0.1
IbmLotus Notes Traveler Version8.5.0.2
IbmLotus Notes Traveler Version8.5.1.1
IbmLotus Notes Traveler Version8.5.1.2
IbmLotus Notes Traveler Version8.5.1.3
IbmLotus Notes Traveler Version8.5.2.1
IbmLotus Notes Traveler Version8.5.3
IbmLotus Notes Traveler Version8.5.3.1
IbmLotus Notes Traveler Version8.5.3.2
IbmLotus Notes Traveler Version8.5.3.3
IbmLotus Notes Traveler Version8.5.3.3 Updateinterim_fix_1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.55% 0.653
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.