CVE-2006-3778 — IBM Lotus Notes vulnerability
3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 33.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 24
Latest updateMay 1
Description
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients.
CVSS vector
AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9