CVE-2002-2014Improper Control of Interaction Frequency in IBM Lotus Domino

5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 35.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Lotus Domino
Timeline
PublishedDec 31
Latest updateApr 30

Description

Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDibm/lotus_domino5.0.8

🔴Vulnerability Details

3
GHSA
GHSA-87pj-wmx5-p5vv: Lotus Domino 52022-04-30
OSV
krb5 vulnerabilities2015-11-12
CVEList
CVE-2002-2014: Lotus Domino 52005-07-14

💥Exploits & PoCs

1
Exploit-DB
Chkrootkit 0.49 - Local Privilege Escalation2014-06-28
CVE-2002-2014 — IBM Lotus Domino vulnerability | cvebase