CVE-2011-1520

CVSS V2 High 7.2 CVSS V3 None
Description
The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command.
Overview
  • CVE ID
  • CVE-2011-1520
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2011-03-25T19:55:02
  • Last Modified Date
  • 2018-10-09T19:31:07
Weakness Enumerations
CWE URL
CWE-287 http://cwe.mitre.org/data/definitions/287.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:ibm:lotus_domino:*:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.2
  • Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.help.domino.admin.doc/DOC/H_THE_DOMINO_CONTROLLER_AND_CONSOLE_OVER.html
http://www.lotus.com/ldd/dominowiki.nsf/dx/server_console_password
http://www.lotus.com/ldd/doc/domino_notes/rnext/help6_admin.nsf/2e73cbb2141acefa85256b8700688cea/0c50e423038555d085256c1d003a31f0?OpenDocument
http://www.zerodayinitiative.com/advisories/ZDI-11-110
http://securityreason.com/securityalert/8164
http://www.securityfocus.com/archive/1/517119/100/0/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2011-1520
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1520
History
Created Old Value New Value Data Type Notes
2022-05-10 18:35:52 Added to TrackCVE