CVE-2004-0480Argument Injection in IBM Lotus Notes

CWE-88Argument Injection3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
19.5%
top 4.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Lotus Notes
Timeline
PublishedDec 6
Latest updateApr 29

Description

Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDibm/lotus_notes6.0.3, 6.5+1

Patches

Patch: www-1.ibm.comPatch: www.idefense.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-gv89-cmj2-j2r6: Argument injection vulnerability in IBM Lotus Notes 62022-04-29
CVEList
CVE-2004-0480: Argument injection vulnerability in IBM Lotus Notes 62004-06-30