CVE-2007-5544Incorrect Permission Assignment in IBM Lotus Domino

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 74.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Lotus DominoIBM Lotus Notes
Timeline
PublishedOct 29
Latest updateMay 1

Description

IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDibm/lotus_notes7.0.07.0.3+1
NVDibm/lotus_domino7.07.0.2+3

Patches

Patch: secunia.comPatch: www-1.ibm.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-6vh8-fx25-294x: IBM Lotus Notes before 62022-05-01
CVEList
CVE-2007-5544: IBM Lotus Notes before 62007-10-29
CVE-2007-5544 — Incorrect Permission Assignment in IBM | cvebase