CVE-2007-5701Sensitive Information Exposure in IBM Lotus Domino

CWE-200Sensitive Information ExposureCWE-3103 documents3 sources
Severity
2.1LOWNVD
EPSS
0.0%
top 85.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Lotus Domino
Timeline
PublishedOct 29
Latest updateMay 1

Description

Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDibm/lotus_domino4 versions+3

Patches

Patch: secunia.comPatch: www-1.ibm.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-hfj4-xxjm-263f: Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 72022-05-01
CVEList
CVE-2007-5701: Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 72007-10-29
CVE-2007-5701 — Sensitive Information Exposure in IBM | cvebase